AWS Control Tower makes multi-account AWS management easy
Overall Satisfaction with AWS Control Tower
We have multiple companies along with multiple clients that require separate AWS accounts. With AWS Control Tower it makes it simple and easy to have a central point to monitor and control all the AWS accounts.
Pros
- Guardrails make securing accounts easy and quick.
- AWS SSO allows us a central point for controlling users and groups across each account.
- Centralized logging serves as a single point to monitor each environment.
- Landing zones allow us to apply templates for each account and customize each one from a central point as well.
Cons
- The AWS SSO GUI is not very intuitive and determining how to apply policies to users without creating redundant logins has been a challenge.
- The default guardrails do not fully encompass all the security checks that we needed.
- There does not appear to be any way to control roles at the IAM level from the control tower account through the GUI.
- Some features on AWS accounts still require logging into the individual account with the root user and cannot be done from AWS Control Tower.
- SSO and Federated services
- Landing Zones and guardrails
- Central logging
- AWS Control tower allowed us to drop several third-party vendors for security appliances and logging, which saved us considerable funds.
- AWS Control tower reduced the amount of time we spend deploying AWS accounts.
- AWS Control tower reduced the amount of time we have to spend on quarterly security audits.
Do you think AWS Control Tower delivers good value for the price?
Yes
Are you happy with AWS Control Tower's feature set?
Yes
Did AWS Control Tower live up to sales and marketing promises?
Yes
Did implementation of AWS Control Tower go as expected?
Yes
Would you buy AWS Control Tower again?
Yes
Comments
Please log in to join the conversation