AWS Control Tower Reviews

It enables companies, entities, and teams to elevate their innovation levels, as it consistently introduces new services, both on a quarterly and annual basis, each brimming with features that catalyze innovation for these entities.

Reliability is the standout factor. Its approach to architecting infrastructure is geared towards unparalleled reliability. It is incredibly user-friendly and functions seamlessly.

The sole drawback is its restriction to enable only one Control Tower. This limitation hinders its effectiveness, particularly for organizations or management accounts with multiple subsidiaries that require more than one.

I have been working with it for three years.

It is a highly reliable product. We never faced any issues or setbacks in the performance.

It offers good scalability capabilities.

There are instances where the wait times can exceed expectations, and reaching a specialist, particularly at the higher tiers like level two and level three support, may sometimes require more time than desired. However, it's important to emphasize that even with these considerations, AWS support stands out as the best option when compared to support services offered by other cloud providers. On a scale of one to ten, I would rate it at a solid nine.

Positive

The initial setup was easy.

It is cost-effective and the associated cost is quite minimal. The only investment is the time and effort required to acquire the skills necessary to use it.

It serves as a valuable tool to streamline governance, ensure compliance across these accounts, and facilitate the establishment of standardized practices in areas like security, monitoring, and logging, which are often referred to as cross-cutting concerns. I would strongly recommend using Control Tower if you have multiple AWS accounts. Overall, I would rate it eight out of ten.

We utilized AWS Control Tower for implementing guardrails, mainly for account creation and enforcing rules related to security, application access, and other relevant aspects. The tool ensures that CI/CD pipelines, incorporating TerraForm codes, are only accepted if they adhere to the predefined guardrails established by the company.

With Control Tower, there's no need to worry about individuals creating accounts and introducing risks to the company. Control Tower ensures that everything created in the organization is regulated. People are compelled to adhere to established rules. The key is to ensure that these rules are practical. If, for instance, you restrict internet access, it means no one in the organization can access the internet. Therefore, it's essential to carefully define rules, specifying the required IP addresses, interfaces, and security protocols to achieve the desired regulation within AWS.

The most intriguing feature is the automatic generation of user accounts. Leveraging Active Directory and global company settings, AWS Control Tower enables the creation of AWS user accounts based on job descriptions in Active Directory. This establishes a direct correlation between the user's name, job definition, and the corresponding rules applied to each account.

There aren't any additional features that I feel are missing. However, it's worth noting that Control Tower seems to function as a layer utilizing standard AWS products in the background. Occasionally, the interface may appear less streamlined, with changes in layout based on the underlying products being used. While this doesn't impact functionality, having a more standardized user interface, irrespective of the background products, could enhance the user experience.

I have been using AWS Control Tower for one year.

The stability of AWS Control Tower is satisfactory. It's a reliable product that builds upon existing AWS services, providing a user-friendly interface to streamline various tasks. The product is well-established and stable, offering a comprehensive solution that ensures all relevant aspects of a task are addressed, preventing oversights that may occur when performed manually.

The scalability of AWS Control Tower is commendable. When you use this product, you automatically gain additional resources from AWS, and this scalability feature is provided without incurring extra charges. For instance, the automatic user creation or account creation function may have a minimal cost, like a few cents per user per year, making it an almost free-of-charge feature.

Positive

We utilize AWS products for security, firewall, and networking settings. However, when managing manual processes within AWS, coordination among different departments, such as network and security, can become challenging. Control Tower becomes invaluable in this context, compelling us to establish a comprehensive plan rather than individualized setups. This ensures a global approach to AWS implementation, reducing the risks associated with inconsistent data access and unauthorized permissions.

The user interface is generally straightforward, but it involves a combination of different products in the background. One complexity arises when interfacing with Active Directory, especially when bridging AWS and Azure. AWS makes assumptions, while Azure's Active Directory can be highly customized. In many cases, companies have diverse Active Directory setups due to mergers, making it challenging to connect AWS to Azure seamlessly. Improvement could be made in handling the variety of Active Directory configurations, considering that companies often have a mix of settings rather than a single standardized setup. Activating Control Tower is straightforward, and it should be done before creating AWS accounts. In an existing AWS implementation, activating Control Tower can be impactful, as previous builds might lack control over guardrails and security settings implemented in Control Tower. This could lead to disruptions in working environments, and it is recommended to either create Control Tower at the beginning of a project or set it up alongside existing environments. Verifying that everything works before transitioning to production is crucial to avoid the high risk of disruptions in the production environment.

We handled the deployment in-house without the need for external consultants or integrators. By default, all users entering the company are automatically connected to Control Tower. Regarding the technical team for deployment and maintenance, we had an architect each for security, networking, and AWS cloud, along with one manager and one engineer for implementation—so, in total, five people.

I believe it's free of charge or comes at a very low cost. It's an additional feature. Even if there is a fee, it's minimal. AWS seems to assist customers in gaining a comprehensive view of their security setups within AWS. Using Control Tower is highly recommended, especially as your company grows and involves Active Directory, various departments, and different architectural aspects. It becomes more advisable to leverage Control Tower rather than managing these aspects manually, especially for larger organizations.

Overall, I rate the solution a nine out of ten. 

It stands out as a valuable service due to its extensive capabilities, including predefined, detective, and preventive guardrails. It eliminates the need to scour a catalog for services, making tasks like creating custom Amazon Machine Images (AMIs) straightforward for developers. It streamlines the process of setting up and managing management accounts within my organization due to its well-structured integration of various services and functionalities.

I currently oversee data management within our organization, which includes the administration of various data accounts. This involves the ability to seamlessly switch between different accounts to ensure efficient management, which is particularly useful for managing a diverse set of accounts created to serve various purposes within our organization. The robust security features provided by AWS Control Tower play a crucial role in ensuring the integrity and protection of our data.

One noteworthy aspect of AWS Config and Service Control Policies (SCPs) is the effectiveness of SCPs in defining and enforcing restrictions within the AWS environment. When SCPs are applied, they serve as preventive measures by limiting certain actions and behaviors within the environment. Instead of merely granting a user a broad set of privileges, SCPs allow for a more fine-grained approach. You can specify which AWS services a user is permitted to access, aligning permissions precisely with the daily tasks they need to perform. This level of control ensures that access is tailored to the specific requirements of the user's role and responsibilities.

When it comes to security in the ever-evolving AWS landscape, it's a constant challenge because Amazon keeps introducing new features and services regularly. I would suggest improvement regarding the ongoing pursuit of enhanced security within the Control Tower environment. This means continuously refining and fortifying the service to ensure that it meets the stringent security requirements of both large, established organizations and those newcomers venturing into the cloud for the first time. It would be beneficial if AWS offered the capability to seamlessly deploy your infrastructure to another region to ensure continuous availability and redundancy.

I have been working with it for four years.

I would rate its stability capabilities quite highly, perhaps a nine out of ten. While it's an excellent service overall, there have been instances where certain services experienced temporary disruptions due to factors like regional availability.

Scalability remains a key priority, as it caters to the diverse needs of AWS users, regardless of their organization's size or level of cloud adoption. I would rate it ten out of ten.

The customer support has been consistently excellent. I would rate it ten out of ten.

Positive

When establishing your landing zone, you start by creating your accounts, including Organizational Units (OUs) and Core accounts. After that, you simply organize your accounts according to your needs within the OUs and manage them accordingly. This streamlined approach makes the initial setup of Control Tower quite user-friendly and efficient.

The ROI is undeniably excellent. It offers significant value by simplifying the management of multiple AWS accounts effectively. Moreover, from a security perspective, it empowers you to organize your accounts within the organization and implement preventive guardrails using Service Control Policies (SCPs) and AWS Config. These preventive measures and detection mechanisms play a crucial role in safeguarding your organization against attacks and ensuring you have visibility into the activities occurring within your environment.

The pricing structure is closely intertwined with the specifics of your environment and the billing strategy you employ. One notable feature that plays a significant role in pricing is AWS Hub, which offers consolidated billing, so instead of each individual account in your organization being billed separately, you can group them together and it typically results in reduced pricing.

I would strongly recommend AWS Control Tower, especially for companies with large, complex organizations or enterprises. This service is particularly beneficial when dealing with various organizational units within your company as it allows for efficient structuring and categorizing of these units and places the associated accounts accordingly. One of the standout advantages is the fine-grained control it offers in terms of permissions and privileges. You can tailor access to specific AWS resources based on the job functions and responsibilities of users or accounts. From a security perspective, it excels in providing robust controls and access management. I would rate it ten out of ten.

When the company was facing certain downtime and latency in their AWS accounts, and they wanted to integrate multiple AWS accounts to improve flexibility and performance, I suggested using AWS Control Tower to set up a well-architected multi-account environment. It is used to effectively manage multiple accounts, including one dedicated to data residency compliance, which is crucial, especially for email operations.

It aligns well with the customer's needs and it ultimately fosters a strong customer-company relationship.

The way they currently handle security logs and company-wide logging could be improved as centralizing these systems would make it much easier to trace any security breaches. Without proper tracking of API logs and timely resolution of errors, the company could face significant financial losses. By making APIs and organizational units more centralized, it would be simpler to pinpoint the source of issues in case of a breach and would ultimately benefit everyone involved.

I find it to be extremely stable, and I would rate it a nine out of ten. AWS Control Tower also offers comprehensive documentation regarding the regions where it can operate effectively, which contributes to its reliability.

I would rate its scalability capabilities eight out of ten.

I have used numerous solutions such as AWS CloudFormation, IAM, Terraform, and their various components to create a wide range of projects in the cloud environment.

It is notably user-friendly because it provides default values and guidance. For instance, when setting up the two organizations, they offer predefined names for the sandbox and security accounts. When inputting names for the audit and log accounts, they also provide explanations. This user-friendly approach makes it accessible even for someone with no prior AWS experience. It's quite intuitive, especially with the provided guidance.

The deployment process depends on the resources being utilized and the scale of the deployment. If you aim to implement governance across multiple regions, it can be time-consuming because provisioning resources in each of those regions may require additional time and effort.

I have been able to assist clients in determining cost-effective solutions based on their specific needs. The pay-as-you-go model ensures you're only charged for what you use, which offers great flexibility for different types of companies.

Without the correct setup, users may encounter errors and mishaps with AWS Control Tower. To avoid these issues, I would recommend ensuring they establish an AWS organization correctly, configure services accordingly, and enable the appropriate policies that align with AWS best practices. Overall, it is an excellent product. I would rate it a nine out of ten considering all the factors.

We use the product to streamline AWS account management. 

AWS Control Tower helps companies save costs. 

I like the tool's customization and configuration. 

AWS Control Tower should improve its fast execution. It also needs more tools for triggering and monitoring AWS services. AWS Control Tower needs more tracking as well. 

I have been working with the solution for four to five years. 

I rate the product's stability an eight out of ten. 

I rate AWS Control Tower's scalability an eight out of ten. 

The tool's deployment was not easy in the beginning. However, it got better with practice. Deployment is easy now. 

AWS Control Tower helped us save money. 

You need to know about AWS and the cloud before using the product. I rate it a seven out of ten. 

We use AWS Control Tower to manage multiple accounts. It provides a central point for account management, access control, and compliance monitoring.

There could be more features for security and automation in the product.

We have been using AWS Control Tower for three years.

I rate the product's stability a seven out of ten. It gets subjected to malware attacks regardless of fundamental security features. We need to ensure it stays compliant.

It allows for centralized management of multiple AWS accounts and a layer of control and security to the organization's environment. The scalability depends on the organization and how effectively you implement and utilize the service. I rate its scalability an eight out of ten.

The initial setup process is simple as AWS already configures most things. The deployment time depends on the process and the complexity of the environment.

The product's affordability depends on the value it brings to specific organizations. Small businesses may find it expensive. It helps streamline operations, improve security, and reduce costs by enforcing best practices and policies. Thus, it is costly but valuable.

I rate AWS Control Tower an eight out of ten.

AWS Control Tower helps to save a lot of work and manage multiple accounts. 

The tool's setup is very technical. Its pricing can be cheaper. 

I have been working with the product for three years. 

AWS Control Tower's stability is excellent. 

The product is very scalable. My company has two users for the product. 

I rate AWS Control Tower a ten out of ten since it is easy and automated. 

We use the solution to provide a specific configuration. The rule of AWS Control Tower is to make sure that we're creating the accounts in a specific way in AWS.

AWS Control Tower helps us to make sure that all the accounts that we're creating now follow a specific configuration. We are sure that all the accounts always configure the same.

Compliance is the most valuable feature. The feature helps us ensure that all the accounts are compliant with the requirements of the company.

The integration with other AWS functions has room for improvement. I would like the ability to integrate other options or functions into the organization.

The initial setup is a bit complex and has room for improvement.

I have been using the solution for one and a half years.

I give the stability a ten out of ten.

I give the scalability a ten out of ten.

The initial setup is a bit complex.

We have seen a return on investment. It can be costly for an organization to make sure they meet all the compliances and AWS Control Tower helps us be compliant which minimizes the cost.

The solution is free.

I give the solution a seven out of ten.

People should not rely on AWS Control Tower alone because it is a portion of the configuration but it's not everything.