What is AWS Control Tower?
You are up and running in the AWS cloud. You've done multiple PoCs, and you have a number of workloads using S3, EC2 and multiple RDS databases. So far so good! But now your team is recommending creation of a Redshift data lake and switching some of your applications over to use serverless AWS Lambdas. But you have some concerns:
- Is your spend optimized?
- Are your instances and data fully secured?
- Do you have the right authentication mechanisms in place?
Moving from proof of concept to AWS operational excellence is a key inflection point for every cloud-enabled organization, and it's not solved by simply throwing more money at things.
When it comes to pulling it all together, an audit is the first step. Be sure to do a comprehensive audit of your systems. If you are wondering where to start, you can use this template:
Server Cloud Migration Audit Template.xlsx (.zip)
AWS Control Tower
Once you have a map of your systems, AWS Control Tower is a great organizational tool. It is a service offered by Amazon Web Services (AWS) that provides a centralized way to set up and govern secure, compliant multi-account AWS environments, and it is designed to simplify creating and managing multiple AWS accounts. Specifically, it helps tie together multiple AWS accounts with the following services:
- AWS Organizations - financial constraints
- AWS Single Sign-On (SSO) - user management
- AWS Service Catalog
- AWS Config
- AWS CloudTrail - AWS API logging
Tied together, these products provide a comprehensive way of getting your company to AWS operational excellence before you expand the pantheon of services or move from proofs of concept to production environments at scale.
What are the benefits of AWS Control Tower?
- Centralized Governance
- AWS Control Tower Templates
- Centralized Reporting
Centralized Governance
One of the key benefits of AWS Control Tower is its ability to enforce governance policies across all AWS accounts within an organization. This is achieved through the use of guardrails, which are predefined rules that are applied to all accounts within a managed environment. Guardrails help ensure that all accounts are configured to meet regulatory and compliance requirements, as well as best practices for security and resource optimization.
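To make the guardrail idea concrete: preventive guardrails are implemented as service control policies (SCPs) in AWS Organizations, which deny matching API calls in every governed account. The sketch below is an added example, not code from this article or from AWS; the policy document, Sid, account IDs and principals are constructed, and the evaluator is a deliberately simplified model of SCP Deny matching.

```python
import fnmatch

# Constructed SCP-style policy modeled on a preventive guardrail; not AWS's own document.
GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ExampleProtectCloudTrail",  # hypothetical Sid
        "Effect": "Deny",
        "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:Update*"],
        "Resource": "*",
        "Condition": {"ArnNotLike": {
            "aws:PrincipalARN": "arn:aws:iam::*:role/AWSControlTowerExecution"}},
    }],
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def is_denied(policy, action, principal_arn):
    """True if a Deny applies. Simplified: Action wildcards and ArnNotLike only."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # Action names match case-insensitively; '*' is a wildcard.
        if not any(fnmatch.fnmatchcase(action.lower(), p.lower())
                   for p in _as_list(stmt["Action"])):
            continue
        cond = stmt.get("Condition", {}).get("ArnNotLike", {})
        # ArnNotLike: the Deny is skipped for principals matching the pattern.
        if any(fnmatch.fnmatchcase(principal_arn, p)
               for p in _as_list(cond.get("aws:PrincipalARN", []))):
            continue
        return True
    return False

# Constructed API calls: (account id, action, calling principal ARN).
CALLS = [
    ("111111111111", "cloudtrail:StopLogging", "arn:aws:iam::111111111111:user/dev-admin"),
    ("222222222222", "cloudtrail:updatetrail", "arn:aws:iam::222222222222:role/AppDeploy"),
    ("222222222222", "cloudtrail:DeleteTrail", "arn:aws:iam::222222222222:role/AWSControlTowerExecution"),
    ("111111111111", "cloudtrail:LookupEvents", "arn:aws:iam::111111111111:user/dev-admin"),
]

def evaluate(calls, policy=GUARDRAIL):
    """An SCP never grants access; a call it does not deny still needs IAM permission."""
    return [(acct, act, "denied" if is_denied(policy, act, arn) else "passed to IAM")
            for acct, act, arn in calls]
if __name__ == "__main__":
    print(*evaluate(CALLS), sep="\n")
```

The same policy blocks log tampering in both member accounts regardless of the caller's IAM permissions, while the exempted management role and read-only calls fall through to normal IAM evaluation.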
AWS Control Tower Templates
AWS Control Tower also provides a range of pre-configured templates, which can be used to quickly set up new accounts with the necessary resources and configurations. These templates can be customized to meet specific organizational requirements, and can be used to create standardized account configurations across an organization.
Centralized Reporting
In addition to these features, AWS Control Tower also provides detailed visibility into account usage and compliance through a centralized dashboard. This allows organizations to monitor and track usage patterns, detect potential security threats, and ensure compliance with regulatory requirements.
What else is needed?
The main thing required to get your AWS house in order is time and attention. It can be very helpful to walk through the audit and planning with a third-party consultant, but ultimately the buck starts and stops with IT leadership. Successful PoCs on AWS are great, but they should be followed with organization and strategy sessions before things get out of hand.