Do you have difficulty managing multiple AWS accounts?

AWS Control Tower

With the introduction of public cloud, companies are able to stand up environments more quickly and have more control over all layers of their IT infrastructure. This has changed the way everybody logs in to administer their piece of the environment, the way companies allow their customers to access their products, and even the ways companies are able to track this access and the cost associated with these new abilities.

However, with expandability comes increased responsibility. Granted, providing people access to anything within your environment is a breeze now. In minimal time, you can provide a number of people access to everything. However, this raises several questions: do you want them to be able to access everything, do they need access to everything, and what happens if a misconfiguration occurs, whether it be malicious or not? With the regulations passed down in fields like healthcare, finance, government, or even oil and gas, this access must be regulated, limited to an as-needed basis, and, most importantly, tracked.

What is AWS Control Tower?

With the creation of AWS Control Tower, AWS has taken the responsibilities that come with managing multi-account environments and simplified them so that, when Control Tower is configured properly, new accounts can be created in a couple of clicks, your new accounts are in line with company policies, and you have the required governance in place to exceed the requirements of most of today’s security certifications. If you’re reading this, wishing you had heard of Control Tower before you built out your AWS environment, you’re in luck, as this tool can be utilized on new and already existing environments.


What does AWS Control Tower consist of?

AWS brought together several existing tools and established cloud concepts in the creation of Control Tower to make it as useful as it is. This started with the cloud concept of a landing zone. You can think of a landing zone as a cloud environment template that is packaged with industry best practices in all of the aspects of cloud we have been discussing in this article. Once it is applied to your new or already existing environment, you will already be following baseline best practices in access, governance, security, networking, and logging. From the landing zone, AWS created a number of other tools to complement the function of landing zones and AWS Control Tower as a whole. These range from AWS Organizations and AWS Guardrails, which allow you to centrally manage and govern your environment, to centralized logging accounts and auditing accounts, which allow security teams to collect and analyze AWS logs, to AWS Single Sign On (SSO) and AWS Account Factory, which allow you to centrally authenticate your current and newly created workforce identities.

How Much Does AWS Control Tower Cost?

AWS Control Tower itself does not cost anything. What you incur charges for are the base services that AWS utilizes to provide the underlying functionality of Control Tower. These include AWS VPC for networking, AWS CloudTrail or CloudWatch to track metrics and user actions along with S3 to store this data, and Amazon Simple Notification Service (SNS) for notifications based on certain events. There are more potential services you will use, but these would be your more commonly used services. Also, keep in mind that all of these services are consumption-based, meaning that you only pay for what you use as you use it and nothing more.


How can Lightstream assist with AWS Control Tower?

Lightstream has a fully certified staff with years of experience in implementing AWS Control Tower, and with that experience we have learned a number of industry lessons that have helped us refine and shape industry best practices over the years. We are happy to assist and guide you through your Control Tower implementation, but we also welcome the opportunity to completely build out your AWS environment through Control Tower based on your company’s success criteria, and then train you and your team so you have the tools to continue a safe and secure AWS journey. Neither the number of accounts nor the amount of AWS experience matters, as we have the ability to assist at any level.
