AWS Control Tower Reviews

We've been using it for a considerable period. We had a large enterprise with multiple teams and projects, and we employed AWS Tower to streamline the setup and management of multiple AWS accounts, each with its own predefined guidelines and configurations. This was particularly beneficial for our organization, which has strict security and compliance requirements. AWS Tower played a crucial role in enforcing best practices and policies across these AWS accounts, ensuring they were provisioned with the necessary security controls and configurations. This approach significantly reduced the chances of misconfigurations and unauthorized access.

Additionally, we utilized AWS Control Tower to facilitate the creation of new AWS accounts for various projects, teams, and departments. We leveraged the account factory feature to automate the provisioning of new accounts, including defined variables and configurations. This automation considerably reduced the time and effort required to set up a new account.

In my capacity as a DevOps engineer, I've had the opportunity to utilize AWS Tower to enhance our organization's management of AWS infrastructure at an enterprise level. It has played a crucial role in achieving consistent governance and security standards across our multiple AWS accounts. I took the lead on a project aimed at centralizing and optimizing AWS account management to cater to various departments and projects while ensuring stringent security and compliance. AWS Tower served as the cornerstone of this initiative.

During the implementation phase, I began by configuring a landing zone using AWS Control Tower. This landing zone incorporated best practices in networking, security controls, and identity management. I then customized it to align with our organization's specific security requirements, effectively establishing a secure foundation for all our AWS accounts.

The most significant benefit of Control Tower is its capability to align with our organization's standards. The primary advantage is the consistency it brings to governance, allowing us to enforce security policies and automate account provisioning. It plays a crucial role in ensuring security and compliance, which is a top priority for our company. Additionally, it simplifies management and aids in cost control. It offers customization and flexibility, as well as scalability to support our organization's growth.           

There's room for improvement in several security aspects. While AWS Tower provides predefined guardrails for enforcing security and compliance, offering more customizable options would be beneficial. Allowing organizations to define custom guardrails or modify existing ones to align with specific security and compliance requirements would enhance flexibility.

Integration with popular third-party DevOps and security tools could streamline workflows. Moreover, introducing more advanced governance policies would enable organizations to define and enforce complex policies effectively. Improving support for multi-region configurations is essential, along with simplifying ongoing management, such as enhancing the AWS Control Tower custom dashboard.

Advanced notifications and alerts, including integration with popular incident management tools, would be valuable additions. Lastly, establishing a robust feedback mechanism and actively engaging with the user community could provide valuable insights for further improvement.

I have worked with AWS Control Tower for about six years.

I would rate the stability a six out of ten. 

I would rate the scalability a seven out of ten.

The initial setup is complex.

It is expensive but it is an investment.

To make effective use of AWS, organizations should start by assessing their AWS usage and being transparent about their pricing requirements. They need to understand the specific needs of their organization and evaluate whether the AWS Control Tower features align with those needs. It's important to thoroughly research the available capabilities of AWS Tower and determine if it can provide the necessary support. Customization should be considered to tailor the solution to their unique requirements. Organizations should also assess their integration needs, explore automation opportunities for improved efficiency, and review their multi-account strategy. Scalability and future readiness should be factored in when making decisions. Additionally, they should closely examine the pricing structure and consider engaging with AWS support. They can collect valuable feedback from peers which can help in the decision-making process.

I would rate the overall product a nine out of ten.

It enables companies, entities, and teams to elevate their innovation levels, as it consistently introduces new services, both on a quarterly and annual basis, each brimming with features that catalyze innovation for these entities.

Reliability is the standout factor. Its approach to architecting infrastructure is geared towards unparalleled reliability. It is incredibly user-friendly and functions seamlessly.

The sole drawback is its restriction to enable only one Control Tower. This limitation hinders its effectiveness, particularly for organizations or management accounts with multiple subsidiaries that require more than one.

I have been working with it for three years.

It is a highly reliable product. We never faced any issues or setbacks in the performance.

It offers good scalability capabilities.

There are instances where the wait times can exceed expectations, and reaching a specialist, particularly at the higher tiers like level two and level three support, may sometimes require more time than desired. However, it's important to emphasize that even with these considerations, AWS support stands out as the best option when compared to support services offered by other cloud providers. On a scale of one to ten, I would rate it at a solid nine.

Positive

The initial setup was easy.

It is cost-effective and the associated cost is quite minimal. The only investment is the time and effort required to acquire the skills necessary to use it.

It serves as a valuable tool to streamline governance, ensure compliance across these accounts, and facilitate the establishment of standardized practices in areas like security, monitoring, and logging, which are often referred to as cross-cutting concerns. I would strongly recommend using Control Tower if you have multiple AWS accounts. Overall, I would rate it eight out of ten.

It stands out as a valuable service due to its extensive capabilities, including predefined, detective, and preventive guardrails. It eliminates the need to scour a catalog for services, making tasks like creating custom Amazon Machine Images (AMIs) straightforward for developers. It streamlines the process of setting up and managing management accounts within my organization due to its well-structured integration of various services and functionalities.

I currently oversee data management within our organization, which includes the administration of various data accounts. This involves the ability to seamlessly switch between different accounts to ensure efficient management, which is particularly useful for managing a diverse set of accounts created to serve various purposes within our organization. The robust security features provided by AWS Control Tower play a crucial role in ensuring the integrity and protection of our data.

One noteworthy aspect of AWS Config and Service Control Policies (SCPs) is the effectiveness of SCPs in defining and enforcing restrictions within the AWS environment. When SCPs are applied, they serve as preventive measures by limiting certain actions and behaviors within the environment. Instead of merely granting a user a broad set of privileges, SCPs allow for a more fine-grained approach. You can specify which AWS services a user is permitted to access, aligning permissions precisely with the daily tasks they need to perform. This level of control ensures that access is tailored to the specific requirements of the user's role and responsibilities.

When it comes to security in the ever-evolving AWS landscape, it's a constant challenge because Amazon keeps introducing new features and services regularly. I would suggest improvement regarding the ongoing pursuit of enhanced security within the Control Tower environment. This means continuously refining and fortifying the service to ensure that it meets the stringent security requirements of both large, established organizations and those newcomers venturing into the cloud for the first time. It would be beneficial if AWS offered the capability to seamlessly deploy your infrastructure to another region to ensure continuous availability and redundancy.

I have been working with it for four years.

I would rate its stability capabilities quite highly, perhaps a nine out of ten. While it's an excellent service overall, there have been instances where certain services experienced temporary disruptions due to factors like regional availability.

Scalability remains a key priority, as it caters to the diverse needs of AWS users, regardless of their organization's size or level of cloud adoption. I would rate it ten out of ten.

The customer support has been consistently excellent. I would rate it ten out of ten.

Positive

When establishing your landing zone, you start by creating your accounts, including Organizational Units (OUs) and Core accounts. After that, you simply organize your accounts according to your needs within the OUs and manage them accordingly. This streamlined approach makes the initial setup of Control Tower quite user-friendly and efficient.

The ROI is undeniably excellent. It offers significant value by simplifying the management of multiple AWS accounts effectively. Moreover, from a security perspective, it empowers you to organize your accounts within the organization and implement preventive guardrails using Service Control Policies (SCPs) and AWS Config. These preventive measures and detection mechanisms play a crucial role in safeguarding your organization against attacks and ensuring you have visibility into the activities occurring within your environment.

The pricing structure is closely intertwined with the specifics of your environment and the billing strategy you employ. One notable feature that plays a significant role in pricing is AWS Hub, which offers consolidated billing, so instead of each individual account in your organization being billed separately, you can group them together and it typically results in reduced pricing.

I would strongly recommend AWS Control Tower, especially for companies with large, complex organizations or enterprises. This service is particularly beneficial when dealing with various organizational units within your company as it allows for efficient structuring and categorizing of these units and places the associated accounts accordingly. One of the standout advantages is the fine-grained control it offers in terms of permissions and privileges. You can tailor access to specific AWS resources based on the job functions and responsibilities of users or accounts. From a security perspective, it excels in providing robust controls and access management. I would rate it ten out of ten.

AWS Control Tower helps to save a lot of work and manage multiple accounts. 

The tool's setup is very technical. Its pricing can be cheaper. 

I have been working with the product for three years. 

AWS Control Tower's stability is excellent. 

The product is very scalable. My company has two users for the product. 

I rate AWS Control Tower a ten out of ten since it is easy and automated. 

When the company was facing certain downtime and latency in their AWS accounts, and they wanted to integrate multiple AWS accounts to improve flexibility and performance, I suggested using AWS Control Tower to set up a well-architected multi-account environment. It is used to effectively manage multiple accounts, including one dedicated to data residency compliance, which is crucial, especially for email operations.

It aligns well with the customer's needs and it ultimately fosters a strong customer-company relationship.

The way they currently handle security logs and company-wide logging could be improved as centralizing these systems would make it much easier to trace any security breaches. Without proper tracking of API logs and timely resolution of errors, the company could face significant financial losses. By making APIs and organizational units more centralized, it would be simpler to pinpoint the source of issues in case of a breach and would ultimately benefit everyone involved.

I find it to be extremely stable, and I would rate it a nine out of ten. AWS Control Tower also offers comprehensive documentation regarding the regions where it can operate effectively, which contributes to its reliability.

I would rate its scalability capabilities eight out of ten.

I have used numerous solutions such as AWS CloudFormation, IAM, Terraform, and their various components to create a wide range of projects in the cloud environment.

It is notably user-friendly because it provides default values and guidance. For instance, when setting up the two organizations, they offer predefined names for the sandbox and security accounts. When inputting names for the audit and log accounts, they also provide explanations. This user-friendly approach makes it accessible even for someone with no prior AWS experience. It's quite intuitive, especially with the provided guidance.

The deployment process depends on the resources being utilized and the scale of the deployment. If you aim to implement governance across multiple regions, it can be time-consuming because provisioning resources in each of those regions may require additional time and effort.

I have been able to assist clients in determining cost-effective solutions based on their specific needs. The pay-as-you-go model ensures you're only charged for what you use, which offers great flexibility for different types of companies.

Without the correct setup, users may encounter errors and mishaps with AWS Control Tower. To avoid these issues, I would recommend ensuring they establish an AWS organization correctly, configure services accordingly, and enable the appropriate policies that align with AWS best practices. Overall, it is an excellent product. I would rate it a nine out of ten considering all the factors.

We have two types of customers: those who are new to AWS and are onboarding for the first time, and those who are already using AWS but have not opted for Control Tower. The second group is now implementing virtual data to enhance policy governance and create landing zones. 

It is noted that policies created manually based on administrator or security recommendations may lack consideration for other parameters. Control Tower aims to address these concerns and offer optimal features, including database and policies, to assist customers in implementing policy-driven governance extensively within their organization.

It offers automated recommendations for security and policies, creating a landing zone and providing a list of policies. Customers can also add their policies and access helpful templates.

It could be improved by having a more intuitive graphical interface. It could also include other coding languages like PowerShell and Python, as it would be beneficial for DevOps recommendations. Having the capability to create architectural designs in a diagram format while creating the landing zone would help showcase the design to higher-level stakeholders.

I have over five years of experience with AWS Control Tower implementation.

It offers great stability.

It is scalable and can be easily customized based on specific requirements. If the number of workloads increases in the future, the landing zone can expand to accommodate the additional workload.

I also use Microsoft Azure, which has its cloud framework and can be implemented alongside AWS. It is easier to use and offers better due diligence, but AWS has a greater number of resources and services available. Choosing between the two platforms depends on factors such as application load, design, and pricing.

The initial setup was quite easy.8

Once AWS Control Tower is enabled, it automatically creates the landing zone and presents policies for the customers to review and agree upon. The implementation process is intuitive, automated, and can be managed by one or two people. The time required for implementation varies, but for small organizations, it typically takes half an hour. When it's implemented, it does not require regular maintenance unless further customizations are needed for infrastructure.

There is a noticeable benefit from implementing AWS, as we heard from various customers. While the cost may be higher compared to on-premise data centers, the services and facilities provided by AWS greatly contribute to the success and value of the businesses. 

The cost is reasonable, but there are opportunities for improvement in terms of pricing for larger enterprises. As organizations accumulate costs for numerous services, it can become a significant amount so reducing these costs would be beneficial.

I highly recommend AWS Control Tower as it is a valuable tool for both first-time and long-term AWS adopters. It helps to manage policies and governance, which are crucial for maintaining security. It would be a beneficial asset for customers who have AWS in their infrastructure. I would rate it nine out of ten.

At the moment, I can't comment on the features of the tool since it is not a necessary tool. However, it is a good tool to manage and centralize, especially for managing the servers and certain features on the cloud. Even though there are solutions that offer functionalities similar to AWS Control Tower, I don't know how to use any of them.

While using the solution recently, it broke a certain activity. So, AWS Control Tower needs to consider making the solution better.

I have experience with AWS Control Tower.

I know how to use it, and I am comfortable with AWS Control Tower. Scalability-wise, I rate it a seven out of ten.

I rate the technical support an eight out of ten.

Positive

The solution's initial setup was easy for me.

In Brazil, pricing for AWS Control Tower is very, very high. On a scale of one to ten, where one is a low price and ten is a high price, I rate the pricing an eight.

I think AWS Control Tower is a good solution, and I am comfortable understanding its functionalities. At the moment, I do not use stack-up solutions in any of my operations in a day, but I understand the channel that they help you to apply applications for the use of customers. I rate the overall product a five out of ten.

We use the product to streamline AWS account management. 

AWS Control Tower helps companies save costs. 

I like the tool's customization and configuration. 

AWS Control Tower should improve its fast execution. It also needs more tools for triggering and monitoring AWS services. AWS Control Tower needs more tracking as well. 

I have been working with the solution for four to five years. 

I rate the product's stability an eight out of ten. 

I rate AWS Control Tower's scalability an eight out of ten. 

The tool's deployment was not easy in the beginning. However, it got better with practice. Deployment is easy now. 

AWS Control Tower helped us save money. 

You need to know about AWS and the cloud before using the product. I rate it a seven out of ten.