<h1 id="heading-control-tower">Control Tower</h1>
<ul>
<li>Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
</li>
<li>AWS Control Tower uses AWS Organizations to create accounts
</li>
<li>Benefits:
<ul>
<li>Automate the set up of your environment in a few clicks
</li>
<li>Automate ongoing policy management using guardrails
</li>
<li>Detect policy violations and remediate them
</li>
<li>Monitor compliance through an interactive dashboard
</li>
</ul>
</li>
</ul>
<h2 id="heading-control-tower-guardrails">Control Tower – Guardrails</h2>
<ul>
<li>Provides ongoing governance for your Control Tower environment (AWS Accounts)
</li>
<li>Two types:
<ul>
<li>Preventive Guardrail – using SCPs (e.g., Restrict Regions across all your accounts)
</li>
<li>Detective Guardrail – using AWS Config (e.g., identify untagged resources)
</li>
</ul>
</li>
</ul>

# Control Tower

* Easy way to **set up and govern a secure and compliant multi-account AWS environment** based on best practices
    
* AWS Control Tower uses **AWS Organizations** to create accounts
    
* Benefits:
    
    * Automate the set up of your environment in a few clicks
        
    * Automate ongoing policy management using guardrails
        
    * Detect policy violations and remediate them
        
    * Monitor compliance through an interactive dashboard
        

## Control Tower – Guardrails

* Provides ongoing governance for your Control Tower environment (AWS Accounts)
    
* Two types:
    
    * **Preventive Guardrail – using SCPs** (e.g., Restrict Regions across all your accounts)
        
    * **Detective Guardrail – using AWS Config** (e.g., identify untagged resources)

Establish a secure multi-account AWS environment with AWS Control Tower using automation, guardrails, and compliance monitoring

Control Tower

Table of contents

Control Tower

Control Tower – Guardrails