AWS Control Tower Reviews

When the company was facing certain downtime and latency in their AWS accounts, and they wanted to integrate multiple AWS accounts to improve flexibility and performance, I suggested using AWS Control Tower to set up a well-architected multi-account environment. It is used to effectively manage multiple accounts, including one dedicated to data residency compliance, which is crucial, especially for email operations.

It aligns well with the customer's needs and it ultimately fosters a strong customer-company relationship.

The way they currently handle security logs and company-wide logging could be improved as centralizing these systems would make it much easier to trace any security breaches. Without proper tracking of API logs and timely resolution of errors, the company could face significant financial losses. By making APIs and organizational units more centralized, it would be simpler to pinpoint the source of issues in case of a breach and would ultimately benefit everyone involved.

I find it to be extremely stable, and I would rate it a nine out of ten. AWS Control Tower also offers comprehensive documentation regarding the regions where it can operate effectively, which contributes to its reliability.

I would rate its scalability capabilities eight out of ten.

I have used numerous solutions such as AWS CloudFormation, IAM, Terraform, and their various components to create a wide range of projects in the cloud environment.

It is notably user-friendly because it provides default values and guidance. For instance, when setting up the two organizations, they offer predefined names for the sandbox and security accounts. When inputting names for the audit and log accounts, they also provide explanations. This user-friendly approach makes it accessible even for someone with no prior AWS experience. It's quite intuitive, especially with the provided guidance.

The deployment process depends on the resources being utilized and the scale of the deployment. If you aim to implement governance across multiple regions, it can be time-consuming because provisioning resources in each of those regions may require additional time and effort.

I have been able to assist clients in determining cost-effective solutions based on their specific needs. The pay-as-you-go model ensures you're only charged for what you use, which offers great flexibility for different types of companies.

Without the correct setup, users may encounter errors and mishaps with AWS Control Tower. To avoid these issues, I would recommend ensuring they establish an AWS organization correctly, configure services accordingly, and enable the appropriate policies that align with AWS best practices. Overall, it is an excellent product. I would rate it a nine out of ten considering all the factors.

It is an efficient solution for managing multiple AWS accounts and ensuring the correct structure and settings are in place. It allows for the creation of different organizational units and the application of various security policies and use cases. It provides centralized solutions for all AWS accounts in one place, customized to meet the organization's specific needs. It is a mandatory tool for those who work with multiple AWS accounts and want to effectively manage their cloud strategy.

It offers various valuable features. One of them is centralized authentication, allowing for single sign-on across all AWS accounts. Another feature is Guardrails, which are security policies applied to each organizational unit, ensuring appropriate permission levels. The service catalog is another strong feature, enabling the provision of centralized solutions to specific organization units. Control Tower also facilitates the management and sharing of automation pieces. Overall, it provides all the necessary tools for effectively managing multiple AWS accounts.

Previously, AWS Organizations was responsible for managing accounts in AWS, but with the introduction of AWS Control Tower, these services became incompatible. This creates challenges as changes made in one service may not be visible in the other. The process of closing an AWS account using Control Tower needs improvements to simplify it, especially when managing multiple accounts. AWS Control Tower should also include additional solutions like a centralized scheduler to automate compute schedules and other maintenance and structure planning actions, enhancing the overall user experience.

We have been using it for a few years since its initial release. We experienced initial challenges and issues with the service but have observed improvements over time.

It is generally stable, although there may be occasional instances where certain features or details do not work as expected. It is considered the correct and reliable way to manage multiple AWS accounts. The service is regularly updated by AWS, indicating a commitment to its stability and improvement. While there is room for improvement, it is still regarded as a stable service.

It has a limitation that only one account can be provisioned at a time, which may seem restrictive, but it doesn't have a significant impact on the overall work as it is a centralized task that is not done frequently. The ability to increase capacity and functionality aligns well with most user's needs. It is not a service that is used on-demand, but rather it becomes an integral part of the overall architecture and structure. Once implemented, it serves as the framework and foundation for the entire production environment and it is consistently used in the daily operations of the organization.

The support level is highly satisfactory. AWS provides a good knowledge base and experience for end-users. In our case, we utilize enterprise support, which ensures quick and professional responses to our queries. I would rate it eight out of ten.

Positive

We used AWS Organizations, but we switched to AWS Control Tower as it provides a more enriched set of services to effectively handle network security, governance, and centralized challenges across multiple accounts. The decision to adopt AWS Control Tower was a correct choice for improved account management.

Our team has developed an automated solution that utilizes AWS Control Tower to create new AWS accounts tailored to our specific security requirements and organizational needs. We have automated the process of provisioning service quota and deploying our application using its features. This end-to-end experience allows us to deploy a new solution from scratch with just a few lines of code. While I was able to complete the process myself, it is advisable to involve at least two or three team members for proper planning and handling of various aspects during the setup. Automating is a relatively quick process, taking a couple of hours, but customizing and building the correct structure can be time-consuming. It may take a few months to define and build the desired end-to-end experience. The duration depends on the specific goals and customization involved.

It significantly reduces the human effort required to manage multiple AWS accounts. Instead of individually changing settings for each account, users can make changes at the Control Tower level, allowing for streamlined and time-saving account management. It also provides centralized governance and a standardized structure for various aspects like security, billing, logging, and authentication across all accounts. This centralized approach enhances efficiency and helps maintain consistency throughout the organization's AWS environment.

The pricing is efficient, not overly expensive but also not very cheap. While there are additional costs associated with managing multiple accounts using Control Tower, the service itself does not have any extra charges for account management. There may be some side costs such as centralized logging, but overall, it is a cost-effective solution. I would rate it five out of ten.

For businesses that need to handle multiple AWS accounts, implementing AWS Control Tower is highly recommended and almost mandatory. It provides the necessary features and capabilities to efficiently manage and govern multiple accounts, making it a valuable solution for such scenarios. I would rate it eight out of ten.

The last client I used Control Tool for was moving from on-premises to cloud, moving from a foundational environment to building on top of what the resources would rely on. Control Tower was one of the tools we used because it was good at building or integrating landing zones. The main reason for the shift was to keep the environment compliant and secure. The window would show LAN connections with speed and how large it was. We had to set up a landing zone in this environment, and the landing zone came with a management account. This management account was with other accounts like AWS Organization and single sign-on.

Control Tower helped make the environment stay compliant and secure. It worked with the AWS backend to improve the organization by managing multiple accounts in the entire structure.

Security is the most valuable feature of Control Tower.

You don't do anything when you set up these landing zones, such as the AWS Organization single sign-on. Everything is preconfigured, and you just have to do automation. Everything is established in the environment. If Control Tower could do this, it would be much better where all the security tools are already in it. I know AWS has its security tools, like Security Hub and Cloud Check, with minimal configuration. It would be much better if you set up the landing zone, which is the master account in the foundation of the environment, and all these tools are included. You should just get to go in and go, "Okay, I need this at this particular time." You should get to go in and do it. There should be more automation security tools in the Control Tower.

I've used Control Tower for three or four years, and I'm using the latest version.

I rate Control Tower's stability an eight out of ten.

I rate Control Tower's scalability an eight out of ten.

The initial setup was straightforward because a lot of automation goes on. You just have to show someone two or three things, and they can go ahead and do it. Especially setting up landing zones. You can show them what you know, what they have to do, and what they want to do with the organization simultaneously. When setting up these landing zones, they all have to be linked to a single sign-on. You need to integrate that and extend approval to other active directories like Okta because that's not automatic. You have to do that yourself. But the basic features are easy to set up because a lot of automation goes on.

The price depends on what you want to do. For example, if you want EC2, choose micro or whatever. If you choose EC2, maybe it has to run for 24 hours, but that would be different from someone who has to run the tool for two hours or one hour. With my personal AWS account, I sometimes leave it running without knowing.

Before choosing Control Tower, you must know what you want to do. I've noticed that most people who use it leave on-premises to go to the cloud. You shouldn't be in the cloud before thinking of using Control Tower. If you move into the cloud, you need the foundation to start something. You need somewhere to run your resources. When migrating into the cloud, you have to go for Control Tower. It will provide the best practices when setting up a landing zone. All the other solutions, like Account Factory and all of that, start from the foundation. People who have been in the industry for many years want cloud control. AWS Organization and single sign-on come automatically with Control Tower, but you can still create AWS Organization and single sign-on out of Control Tower. You need to know what you want to do with Control Tower. You need to know what to do with the solution's security capabilities.

I rate AWS Control Tower a nine out of ten.

I'm using the solution for account security and governance.

I've used AWS Control Tower as an additional account security and governance layer. This client reached out to us because they had security problems in their accounts, and they wanted us to assist them with some security strategies. I started by helping them build a solid foundation where their accounts could be managed. When I talk about managing accounts, they could use AWS organization and Control Tower as an additional layer for security best practices. This means I would build a management account to enable the AWS organization to create different organizational units, which will act as a container for managing the AWS accounts with the organization's customers. With AWS Control Tower, I could build a landing zone for account best practices, which means implementing guardrails in AWS Control Tower. There are 24 guardrails. We have preventive and detective guardrails. Preventive guardrails use an SAP policy, which limits identities from performing certain actions within the AWS accounts. Apart from that, I was also able to make detective guardrails, which help to detect certain abnormalities or certain activities being done by identities within that environment. And these activities may make our environments non-compliant. It sends alerts to us so we can revoke anything done in that account.

There are two features in Control Tower which are the most valuable. One is the guardrails because it has preventive and detective guardrails. I also like SSO, which is single sign-on, because single sign-on helps in our AWS organization. And with guardrails, it helps to limit identities from performing certain actions in that AWS account.

I think AWS Control Tower can improve on its guardrails and the SAP policies. These are policies that help to prevent users from performing certain actions in an AWS account in that AWS organization. Security is important, and AWS Control Tower is used mostly for security. The solution's stability could be improved as well.

I have five years of experience with AWS Control Tower.

I rate AWS Control Tower's stability a five out of ten.

I give AWS Control Tower's scalability an eight out of ten.

The initial setup was straightforward.

AWS Control Tower is not really that expensive.

Control Tower is an additional layer of security providing multi-account governance and compliance, which is an additional layer of security in an AWS organization. Every company would like to have a 90% or 100% secure environment. I advise companies to choose AWS Control Tower because it has that additional layer of security on AWS accounts. We have preventive and detective guardrails. It prevents things from happening in that organization, and when things happen, it can detect who did what when in an AWS organization. The detective guardrails give you everything: the time, the person, and everything done. You can easily trace who did what in an AWS account.

I rate AWS Control Tower an eight out of ten.

We've been using it for a considerable period. We had a large enterprise with multiple teams and projects, and we employed AWS Tower to streamline the setup and management of multiple AWS accounts, each with its own predefined guidelines and configurations. This was particularly beneficial for our organization, which has strict security and compliance requirements. AWS Tower played a crucial role in enforcing best practices and policies across these AWS accounts, ensuring they were provisioned with the necessary security controls and configurations. This approach significantly reduced the chances of misconfigurations and unauthorized access.

Additionally, we utilized AWS Control Tower to facilitate the creation of new AWS accounts for various projects, teams, and departments. We leveraged the account factory feature to automate the provisioning of new accounts, including defined variables and configurations. This automation considerably reduced the time and effort required to set up a new account.

In my capacity as a DevOps engineer, I've had the opportunity to utilize AWS Tower to enhance our organization's management of AWS infrastructure at an enterprise level. It has played a crucial role in achieving consistent governance and security standards across our multiple AWS accounts. I took the lead on a project aimed at centralizing and optimizing AWS account management to cater to various departments and projects while ensuring stringent security and compliance. AWS Tower served as the cornerstone of this initiative.

During the implementation phase, I began by configuring a landing zone using AWS Control Tower. This landing zone incorporated best practices in networking, security controls, and identity management. I then customized it to align with our organization's specific security requirements, effectively establishing a secure foundation for all our AWS accounts.

The most significant benefit of Control Tower is its capability to align with our organization's standards. The primary advantage is the consistency it brings to governance, allowing us to enforce security policies and automate account provisioning. It plays a crucial role in ensuring security and compliance, which is a top priority for our company. Additionally, it simplifies management and aids in cost control. It offers customization and flexibility, as well as scalability to support our organization's growth.           

There's room for improvement in several security aspects. While AWS Tower provides predefined guardrails for enforcing security and compliance, offering more customizable options would be beneficial. Allowing organizations to define custom guardrails or modify existing ones to align with specific security and compliance requirements would enhance flexibility.

Integration with popular third-party DevOps and security tools could streamline workflows. Moreover, introducing more advanced governance policies would enable organizations to define and enforce complex policies effectively. Improving support for multi-region configurations is essential, along with simplifying ongoing management, such as enhancing the AWS Control Tower custom dashboard.

Advanced notifications and alerts, including integration with popular incident management tools, would be valuable additions. Lastly, establishing a robust feedback mechanism and actively engaging with the user community could provide valuable insights for further improvement.

I have worked with AWS Control Tower for about six years.

I would rate the stability a six out of ten. 

I would rate the scalability a seven out of ten.

The initial setup is complex.

It is expensive but it is an investment.

To make effective use of AWS, organizations should start by assessing their AWS usage and being transparent about their pricing requirements. They need to understand the specific needs of their organization and evaluate whether the AWS Control Tower features align with those needs. It's important to thoroughly research the available capabilities of AWS Tower and determine if it can provide the necessary support. Customization should be considered to tailor the solution to their unique requirements. Organizations should also assess their integration needs, explore automation opportunities for improved efficiency, and review their multi-account strategy. Scalability and future readiness should be factored in when making decisions. Additionally, they should closely examine the pricing structure and consider engaging with AWS support. They can collect valuable feedback from peers which can help in the decision-making process.

I would rate the overall product a nine out of ten.

AWS Control Tower helps to save a lot of work and manage multiple accounts. 

The tool's setup is very technical. Its pricing can be cheaper. 

I have been working with the product for three years. 

AWS Control Tower's stability is excellent. 

The product is very scalable. My company has two users for the product. 

I rate AWS Control Tower a ten out of ten since it is easy and automated. 

At the moment, I can't comment on the features of the tool since it is not a necessary tool. However, it is a good tool to manage and centralize, especially for managing the servers and certain features on the cloud. Even though there are solutions that offer functionalities similar to AWS Control Tower, I don't know how to use any of them.

While using the solution recently, it broke a certain activity. So, AWS Control Tower needs to consider making the solution better.

I have experience with AWS Control Tower.

I know how to use it, and I am comfortable with AWS Control Tower. Scalability-wise, I rate it a seven out of ten.

I rate the technical support an eight out of ten.

Positive

The solution's initial setup was easy for me.

In Brazil, pricing for AWS Control Tower is very, very high. On a scale of one to ten, where one is a low price and ten is a high price, I rate the pricing an eight.

I think AWS Control Tower is a good solution, and I am comfortable understanding its functionalities. At the moment, I do not use stack-up solutions in any of my operations in a day, but I understand the channel that they help you to apply applications for the use of customers. I rate the overall product a five out of ten.

We use the product to streamline AWS account management. 

AWS Control Tower helps companies save costs. 

I like the tool's customization and configuration. 

AWS Control Tower should improve its fast execution. It also needs more tools for triggering and monitoring AWS services. AWS Control Tower needs more tracking as well. 

I have been working with the solution for four to five years. 

I rate the product's stability an eight out of ten. 

I rate AWS Control Tower's scalability an eight out of ten. 

The tool's deployment was not easy in the beginning. However, it got better with practice. Deployment is easy now. 

AWS Control Tower helped us save money. 

You need to know about AWS and the cloud before using the product. I rate it a seven out of ten.