TrustRadius
AWS Control Tower

Pricing

N/A
Unavailable

What is AWS Control Tower?

The vendor presents AWS Control Tower as the easiest way to set up and govern a new, secure multi-account AWS environment. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while knowing new accounts conform to company-wide policies.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

What is Cisco Duo?

Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.

Product Demos

AWS Control Tower set up demo (English).

AWS Control Tower Account Factory (English)

AWS Control Tower Tutorial / Deep Dive / Demo - Implement AWS Landing zone using AWS Control Tower


Product Details

AWS Control Tower Technical Details

  • Operating Systems: Unspecified
  • Mobile Application: No

Reviews and Ratings

(10)

Reviews

(1-4 of 4)

AWS Control Tower in multi AWS account scenarios

Rating: 9 out of 10
September 25, 2023
AG
Vetted Review
Verified User
AWS Control Tower
2 years of experience
AWS Control Tower allows me to provision predefined compliant and secure AWS accounts in an automated fashion.
  • AWS Control Tower integrates with AWS Organizations
  • AWS Control Tower provides Account Factory to provision preconfigured AWS accounts
  • AWS Control Tower helps to isolate workloads and billing via AWS accounts separation
  • AWS Control Tower supports data residency controls out of the box
  • AWS Control Tower supports post provisioning actions to newly provisioned AWS accounts: for example it can trigger enabling VPC flow logs in the new account
Cons
  • If possible it would be nice to see an automated option to close AWS accounts created with the Account Factory
A multi-account scenario is a perfect example of where AWS Control Tower should be used: to separate workloads into individual accounts, i.e. development and production in different accounts with separate billing.
  • Multi account support
  • Integration with various services - CloudFormation / stack / StackSet concepts
  • SSO integration
  • Preconfiguration of newly created accounts
  • Provisioning new AWS accounts without the need to use a credit card for each of the new accounts - it all works on the credit card used to set up the master account.
  • It helped to separate billing for dev/prod/uat workloads, making it easier to control how much developers are spending.
AWS Control Tower is an extension of AWS Organizations - think of it like Organizations on steroids.
No
  • Scalability
  • Integration with Other Systems
  • Ease of Use
This is a unique solution solving a particular problem: provisioning AWS accounts and preconfiguring them so they are ready to use and secure out of the box.
There is no way to easily close an AWS account, whether it was created manually or via AWS Control Tower. It takes too many steps to close it compared with provisioning a new AWS account.
  • Provisioning of new AWS accounts that are preconfigured
  • Applying data residency controls within a single click
  • Managing user access
  • Closing AWS accounts automatically is impossible
  • The service catalog integration is a little bit complex
  • AWS SSO
  • AWS Security Hub
  • AWS GuardDuty
  • Lots of AWS services integrate well with Control Tower
  • Single Sign-On

Control tower is a must for separation of concerns

Rating: 9 out of 10
May 06, 2022
km
Vetted Review
Verified User
AWS Control Tower
2 years of experience
We started using AWS Control Tower to split up our workloads into separate accounts to follow the AWS well-architected framework. AWS Control Tower makes it easy to create new accounts and drive policies across them all. So our root account handles creating other accounts for us and ensures they all have logging and our security practices in place.
  • Easily create new AWS accounts.
  • Easily secure and manage AWS accounts.
  • Landing zone with SSO is a huge win for larger teams.
Cons
  • Can be slow at times to reflect changes.
  • The GUI in the console is not always the most user-friendly and errors can be nondescript.
  • Cannot change some key info about an account from AWS Control Tower once it's provisioned.
AWS Control Tower is great if you have multiple organizations or disciplines inside a company that need to be separated for billing purposes or separation of concerns. Multiple accounts are part of AWS's Well-Architected Framework and are generally a good idea. AWS Control Tower makes central logging easy, which enables those logs to be quickly picked up by a logging tool to provide even more reports and insight. For smaller organizations, AWS Control Tower may seem like an over-engineered solution.
  • Security
  • Central logging
  • SSO support
  • Less time manually deploying accounts which was error prone.
  • Central logging allowed us to have 1 place to view logs.
We did not look at other vendors because we generally want to try to use AWS native products as much as possible for greater support directly from AWS and to reduce 3rd party priority shifts.

AWS Control Tower makes multi-account AWS management easy

Rating: 9 out of 10
May 05, 2022
AK
Vetted Review
Verified User
AWS Control Tower
1 year of experience
We have multiple companies along with multiple clients that require separate AWS accounts. With AWS Control Tower it makes it simple and easy to have a central point to monitor and control all the AWS accounts.
  • Guardrails make securing accounts easy and quick.
  • AWS SSO allows us a central point for controlling users and groups across each account.
  • Centralized logging serves as a single point to monitor each environment.
  • Landing zones allow us to apply templates for each account and customize each one from a central point as well.
Cons
  • The AWS SSO GUI is not very intuitive and determining how to apply policies to users without creating redundant logins has been a challenge.
  • The default guardrails do not fully encompass all the security checks that we needed.
  • There does not appear to be any way to control roles at the IAM level from the control tower account through the GUI.
  • Some features on AWS accounts still require logging into the individual account with the root user and cannot be done from AWS Control Tower.
If you have more than 3 AWS accounts or strict security requirements (e.g. PCI, SOC II), Control Tower is a must. If you only have 1-2 accounts and few users, the added complexity of Control Tower is likely not worth the time.
  • SSO and Federated services
  • Landing Zones and guardrails
  • Central logging
  • AWS Control Tower allowed us to drop several third-party vendors for security appliances and logging, which saved us considerable funds.
  • AWS Control Tower reduced the amount of time we spend deploying AWS accounts.
  • AWS Control Tower reduced the amount of time we have to spend on quarterly security audits.

AWS Control Tower: an AWS Framework that might be more than you need

Rating: 7 out of 10
May 05, 2022
Vetted Review
Verified User
AWS Control Tower
1 year of experience
AWS Control Tower allows you to set up a baseline environment; in the parlance of Control Tower, this is called a landing zone. The value-add of this product is that the default baseline environment that is set up by AWS Control Tower includes AWS best practices by default. This includes best practices from the AWS Well-Architected Framework. In our case, we were interested in experimenting with a lower overhead setup for an ancillary AWS account.
  • I like being able to see policy-level summaries of my AWS environment.
  • It is great for moving quickly with minimal risk of severe blunders.
  • Provisioning a new account within the purview of the Control Tower is quick and easy.
Cons
  • This level of abstraction leaves you vulnerable to not knowing exactly what's been created, and that can enable you to mess things up.
  • Because it provisions things on your behalf, you might end up paying for resources you don't need.
  • The import process of existing accounts, which we did not end up pursuing, is tedious and manual.
We were wanting to prove the concept of a low touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed - at least upfront - however, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well so that you don't pay for resources you don't need and you have finer grain control over what's created.
  • Low barrier to entry
  • AWS Well Architected Framework best practices built in.
  • Easy to navigate account summary of resources.
  • It was ultimately a neutral impact for us as we didn't pursue it very far.
  • It would not be the right fit for us given that we have the skills to roll these things on our own.
  • It would have been more expensive than strictly necessary because it provisions resources you don't necessarily need.
Using AWS Systems Manager and other slightly lower level components has been helpful for us to manage parts of our AWS presence at a more granular level than AWS Control Tower was designed for. It's not at all an apples-to-apples comparison as they solve different use cases, but for us, the use case associated with AWS Systems Manager was a better fit for our specific needs and skillsets. We did not need everything that AWS Control Tower was doing for us.