AWS CloudTrail vs. AWS Control Tower

Overview
AWS CloudTrail
Rating: Score 8.5 out of 10
Most Used By: N/A
Product Summary: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account. With CloudTrail, users can log, continuously monitor, and retain account activity related to actions across AWS infrastructure. CloudTrail provides event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking,…
Starting Price: N/A

AWS Control Tower
Rating: Score 8.9 out of 10
Most Used By: N/A
Product Summary: The vendor presents AWS Control Tower as the easiest way to set up and govern a new, secure multi-account AWS environment. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while knowing new accounts conform to company-wide policies.
Starting Price: N/A

Pricing
Editions & Modules
AWS CloudTrail: No answers on this topic
AWS Control Tower: No answers on this topic

Pricing Offerings
Free Trial: Yes (AWS CloudTrail), No (AWS Control Tower)
Free/Freemium Version: Yes (AWS CloudTrail), No (AWS Control Tower)
Premium Consulting/Integration Services: Yes (AWS CloudTrail), No (AWS Control Tower)
Entry-level Setup Fee: No setup fee (AWS CloudTrail), No setup fee (AWS Control Tower)
Additional Details (AWS CloudTrail): You can view, filter, and download the most recent 90 days of your account activity for all management events in supported AWS services free of charge. You can set up a trail that delivers a single copy of management events in each region free of charge. Once a CloudTrail trail is set up, Amazon S3 charges apply based on your usage. You will be charged for any data events or additional copies of management events recorded in that region. In addition, you can choose CloudTrail Insights by enabling Insights events in your trails. CloudTrail Insights analyzes write management events, and you are charged based on the number of events that are analyzed in that region.

Best Alternatives
Small Businesses
AWS CloudTrail: Acronis Cyber Protect Cloud (Score 8.4 out of 10)
AWS Control Tower: Acronis Cyber Protect Cloud (Score 8.4 out of 10)

Medium-sized Companies
AWS CloudTrail: Druva Data Resiliency Cloud (Score 9.7 out of 10)
AWS Control Tower: Druva Data Resiliency Cloud (Score 9.7 out of 10)

Enterprises
AWS CloudTrail: Druva Data Resiliency Cloud (Score 9.7 out of 10)
AWS Control Tower: Druva Data Resiliency Cloud (Score 9.7 out of 10)

User Ratings
Likelihood to Recommend
AWS CloudTrail: 8.0 (4 ratings)
AWS Control Tower: 8.8 (4 ratings)

Usability
AWS CloudTrail: - (0 ratings)
AWS Control Tower: 8.0 (1 rating)

User Testimonials
AWS CloudTrail vs. AWS Control Tower
Likelihood to Recommend
AWS CloudTrail (Amazon AWS)
It is necessary to enable [AWS] CloudTrail when using AWS in a production environment, otherwise you will not have any idea what is happening within your accounts. Third-party monitoring applications will all require [AWS] CloudTrail to be enabled as well. I would not recommend it solely as a monitoring tool; to get the most out of it you must send the logs elsewhere, either to CloudWatch logs or a third-party product.
AWS Control Tower (Amazon AWS)
We were wanting to prove the concept of a low-touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed - at least upfront - however, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well so that you don't pay for resources you don't need and you have finer-grained control over what's created.
Pros
AWS CloudTrail (Amazon AWS)
  • API Log
  • User activity tracking
  • Real-time alerts
AWS Control Tower (Amazon AWS)
  • Easily create new AWS accounts.
  • Easily secure and manage AWS accounts.
  • Landing zone with SSO is a huge win for larger teams.
Cons
AWS CloudTrail (Amazon AWS)
  • [In my experience] Cost can easily get out of control with multiple trails on full logging
  • Logs can be difficult to decipher
AWS Control Tower (Amazon AWS)
  • The AWS SSO GUI is not very intuitive and determining how to apply policies to users without creating redundant logins has been a challenge.
  • The default guardrails do not fully encompass all the security checks that we needed.
  • There does not appear to be any way to control roles at the IAM level from the Control Tower account through the GUI.
  • Some features on AWS accounts still require logging into the individual account with the root user and cannot be done from AWS Control Tower.
Usability
AWS CloudTrail (Amazon AWS)
No answers on this topic
AWS Control Tower (Amazon AWS)
There is no way to easily close an AWS account whether it was created manually or via the AWS Control Tower. It takes too many steps to close it vs. to provision a new AWS account.
Alternatives Considered
AWS CloudTrail (Amazon AWS)
I think in the end, CloudTrail has more features and you can dive deeper inside the logs, so it depends on your usage and what you expect in the end to make the right choice. I would say that both tools are really useful and bring a lot of benefits to I.T. companies.
AWS Control Tower (Amazon AWS)
Using AWS Systems Manager and other slightly lower-level components has been helpful for us to manage parts of our AWS presence at a more granular level than AWS Control Tower was designed for. It's not at all an apples-to-apples comparison as they solve different use cases, but for us, the use case associated with AWS Systems Manager was a better fit for our specific needs and skillsets. We did not need everything that AWS Control Tower was doing for us.
Return on Investment
AWS CloudTrail (Amazon AWS)
  • Allows us to investigate any strange API actions
  • Increases security
  • Audit trail of changes made in AWS
AWS Control Tower (Amazon AWS)
  • Less time manually deploying accounts, which was error-prone.
  • Central logging allowed us to have 1 place to view logs.
Screenshots

AWS CloudTrail Screenshots

Screenshot of CloudTrail Insights: Identify and respond to unusual operational activity
  • Unexpected spikes in resource provisioning
  • Bursts of IAM management actions
  • Gaps in periodic maintenance activity
  • Automatic analysis of API calls and usage patterns
  • Alerts when unusual activity is detected