What’s Control Tower?

• Set up and govern multi-account environments
• It’s an extension of “AWS Organizations”
• Good for security and governance

Why use it?

• Deploying apps to multiple accounts is a big paradigm in AWS
• Provides additional control / presets

How’s it work?

• Creates a multi-account baseline called a landing zone:
• LZ creates organizational units (OU’s) and accounts for us
  • Security best practices are baked in already

Etc.

• If you don’t have an org, control tower will make one for you
• What’s a landing zone? Look above.
• Two types of guardrails:
  • Preventative
  • Detective