Control tower is a must for separation of concerns
Overall Satisfaction with AWS Control Tower
We started using AWS Control Tower to split up our workloads into separate accounts to follow the AWS well-architected framework. AWS Control Tower makes it easy to create new accounts and drive policies across them all. So our root account handles creating other accounts for us and ensures they all have logging and our security practices in place.
Pros
- Easily create new AWS accounts.
- Easily secure and manage AWS accounts.
- Landing zone with SSO is a huge win for larger teams.
Cons
- Can be slow at times to reflect changes.
- The GUI in the console is not always the most user-friendly and errors can be non-descript.
- Cannot change some key info about an account from AWS Control Tower once it's provisioned.
- Security
- Central logging
- SSO support
- Less time manually deploying accounts which was error prone.
- Central logging allowed us to have 1 place to view logs.
We did not look at other vendors because we generally want to try to use AWS native products as much as possible for greater support directly from AWS and to reduce 3rd party priority shifts.
Do you think AWS Control Tower delivers good value for the price?
Yes
Are you happy with AWS Control Tower's feature set?
Yes
Did AWS Control Tower live up to sales and marketing promises?
Yes
Did implementation of AWS Control Tower go as expected?
Yes
Would you buy AWS Control Tower again?
Yes
Comments
Please log in to join the conversation