AWS Control Tower now allows you to use existing security and logging accounts, and extend Control Tower governance to your existing AWS environment. Learn how this improves your account flexibility and governance.
AWS will end support for Amazon Pinpoint on October 30, 2026. Learn what's going away and what's surviving, what your migration options are, and how to quickly audit your environment to see your exposure.
Explore all the exciting announcements from Dr. Ruba Borno's partner keynote. From the general availability of AWS Transform compatibility to new AWS Marketplace capabilities, the updates showcased powerful new ways for partners to deliver value.
Explore major advancements across the agentic AI stack announced during Swami Sivasubramanian's AWS re:Invent 2025 keynote—from updates to Amazon Bedrock, Kiro, and Strands Agents, to expanded fine-tuning options and powerful identity and memory capabilities within AgentCore.
Zach Tuttle is a Principal Customer Solutions Architect with over 25 years of IT experience, including a decade focused on on-premise VMware-based data centers. For the past nine years, he has been working with AWS partners, empowering customers to successfully build and innovate on AWS. Zach is particularly passionate about guiding customers through their initial steps into cloud computing and DevOps. He enjoys being involved with his two kids sports activities, cooking and home DIY renovation.
View Zach's articlesNow you can actually customize your core accounts for AWS Control Tower. Prior to this update, you were locked into Control Tower in your first deployment when setting up the landing zone, setting up a bunch of different accounts for you. This didn't work in all use cases. Some companies already would have their security account or their audit account set up, and they may want a single place for a login, for example.
And so now with these core account changes, you can actually delegate those accounts out and use your currently provisioned AWS accounts for things like logging or security, making it more centralized. You don't have to split your logs between two different accounts for different things, and it can be all in one place. This opens the door to a lot more possibilities for some of those larger enterprises that already have these well-established security and logging accounts prior to their AWS Control Tower Deployments.
They don't have to collect logs from two different places, for example. Hence, there's a much lower barrier to entry for an AWS Control Tower now if you have a pre-existing infrastructure. There used to be limitations around importing accounts into AWS Control Tower or overlaps of features. Most of those have been eliminated.
You could take an existing security account, for example, and you could import it into AWS Control Tower and then make that your security account of record for your AWS Control Tower deployment. This opens even more possibilities for a lot of these larger customers that are trying to adopt cloud and have AWS Control Tower be that single point of governance for their entire organization.
With lower barriers to entry than ever before, AWS Control Tower offers the best multi-account management solution on AWS. Are you interested in leveraging AWS Control Tower to manage and govern your accounts and establish secure & scalable cloud foundations? Check out our AWS Control Tower Caylent Catalyst.
Pete Bird
Zach Tuttle
