Leveraging Control Tower
Control Tower is an AWS service that addresses all the aspects covered earlier in this chapter in a prescriptive way. It is an opinionated service that allows you to automate the setup of your baseline environment, in other words, your landing zone. Control Tower does this by following a set of best practices drawn from the collective experience of AWS. This experience was built over the years by working with thousands of customers who needed to set up a secure AWS environment to govern their AWS workloads more easily with central rules for security, operations, and compliance.
On top of these best practices, Control Tower relies on multiple other AWS services, including AWS Organizations, AWS Config, AWS Service Catalog, AWS SSO, and AWS CloudTrail.
You can either set up Control Tower in a brand-new organization (as defined in AWS Organizations) when starting afresh or use it in an existing organization that you already have...