AWS brings Control Tower to GovCloud (US)

Matt Dvertola
Hunter Strategy
Oct 26, 2022

Big news arrived in GovCloud last week: AWS announced Control Tower support in all GovCloud (US) regions. If this doesn’t seem that exciting to you, it should. It’s a pretty big deal.

What is Control Tower?

[Figure: AWS Control Tower diagram. Credit: C.Vekataraman & M.Sajjadpour @ AWS re:Inforce 2019]

AWS Control Tower enables end users on distributed teams to provision new AWS accounts quickly from configurable account templates in Account Factory. Meanwhile, central cloud administrators can monitor whether all accounts are aligned with established, organization-wide compliance policies.

What does this mean?

Some of the biggest factors this brings to the table are:

Inherent compliance… to our favorite data security and compliance standards (NIST, DFARS, CMMC, etc.) at an account level. This change enables organizations to leverage prebuilt account templates with all of the bells and whistles precisely configured. As a result, each account can be provisioned with all of the proper compliance and security standards set automatically.

Well-architected adherence… can be a daunting task for cloud architects within AWS GovCloud. For example, the well-architected principle of provisioning separate accounts for the network, compute and data layers of an application can be massively difficult (or in some cases impossible), depending on how an organization’s account structure is configured. Now, with Account Factory, these separate accounts can be easily deployed with pre-approved configuration settings (including services and/or infrastructure).

Monitoring & management improvements… are baked in for cloud administrators who track and monitor configuration drift or misalignment with compliance standards across an organization. All accounts provisioned with Control Tower can roll up into a single location where administrators can track, monitor, and make changes from one place. For an organization with hundreds of provisioned accounts, this can be a massive leg up for security and compliance teams.

Implications in GovCloud

When a public sector organization moves to GovCloud, it moves big. This means many development environments, multi-classification level production environments, rigorous networking requirements, complex deployment pipelines, and more. Following well-architected principles can, in certain cases, mean an organization needs hundreds of accounts. All of this is now rolled into a single service that will enable these organizations to provision and manage all of these accounts from a single location.

This should be a call to action for anyone not yet leveraging Control Tower within their GovCloud workloads.


