Core Accounts for AWS Control Tower

Now you can actually customize your core accounts for AWS Control Tower. Prior to this update, you were locked into Control Tower in your first deployment when setting up the landing zone, setting up a bunch of different accounts for you. This didn’t work in all use cases. Some companies already would have their security account or their audit account set up, and they may want a single place for a login, for example.

And so now with these core account changes, you can actually delegate those accounts out and use your currently provisioned AWS accounts for things like logging or security, making it more centralized. You don’t have to split your logs between two different accounts for different things, and it can be all in one place. This opens the door to a lot more possibilities for some of those larger enterprises that already have these well-established security and logging accounts prior to their AWS Control Tower Deployments.

They don’t have to collect logs from two different places, for example. Hence, there’s a much lower barrier to entry for an AWS Control Tower now if you have a pre-existing infrastructure. There used to be limitations around importing accounts into AWS Control Tower or overlaps of features. Most of those have been eliminated. 

You could take an existing security account, for example, and you could import it into AWS Control Tower and then make that your security account of record for your AWS Control Tower deployment. This opens even more possibilities for a lot of these larger customers that are trying to adopt cloud and have AWS Control Tower be that single point of governance for their entire organization.

With lower barriers to entry than ever before, AWS Control Tower offers the best multi-account management solution on AWS. Are you interested in leveraging AWS Control Tower to manage and govern your accounts and establish secure & scalable cloud foundations? Check out our AWS Control Tower Catalyst.