Overall Satisfaction with AWS Control Tower
AWS Control Tower allows me to provision predefined compliant and secure AWS accounts in an automated fashion
- AWS Control Tower integrates with AWS Organizations
- AWS Control Tower provides Account Factory to provision preconfigured AWS accounts
- AWS Control Tower helps to isolate workloads and billing via AWS accounts separation
- AWS Control Tower supports data residency controls out of the box
- AWS Control Tower supports post provisioning actions to newly provisioned AWS accounts: for example it can trigger enabling VPC flow logs in the new account
- If possible it would be nice to see an automated option to close AWS accounts created with the Account Factory
- Multi account support
- Integration with various services - Cloud formation / stack/stackset concepts
- SSO integration
- Preconfiguration of newly created accounts
- Provisioning new AWS accounts without need to use credit card for each of the new accounts - all works on a credit card used to set up the master account.
- It helped to separate billing for dev/prod/uat workloads, making it easier to control how much developers are spending.
AWS Control Tower is an extension of AWS Organizations - think of it like the Organiztions on steroids.
Do you think AWS Control Tower delivers good value for the price?
Yes
Are you happy with AWS Control Tower's feature set?
Yes
Did AWS Control Tower live up to sales and marketing promises?
Yes
Did implementation of AWS Control Tower go as expected?
Yes
Would you buy AWS Control Tower again?
Yes
Evaluating AWS Control Tower and Competitors
- Scalability
- Integration with Other Systems
- Ease of Use
This is a unique solution solving a particular problem : provisioning AWS accounts and preconfiguring them so they are ready to use and secure out of the box.
Using AWS Control Tower
Pros | Cons |
---|---|
Like to use Technical support not required Well integrated Consistent Quick to learn Convenient Feel confident using | Lots to learn |
- Provisioning of new AWS accounts that are preconfigured
- Applying data residency controls within a single click
- Managing user access
- Closing AWS accounts automatically is impossible
- The service catalog integration is little bit complex
Integrating AWS Control Tower
- AWS SSO
- AWS Security Hub
- AWS GuardDuty
- Lots of AWS services integrates well with the Control Tower
- Single Signon