AWS Control Tower Reviews

I'm using the solution for account security and governance.

I've used AWS Control Tower as an additional account security and governance layer. This client reached out to us because they had security problems in their accounts, and they wanted us to assist them with some security strategies. I started by helping them build a solid foundation where their accounts could be managed. When I talk about managing accounts, they could use AWS organization and Control Tower as an additional layer for security best practices. This means I would build a management account to enable the AWS organization to create different organizational units, which will act as a container for managing the AWS accounts with the organization's customers. With AWS Control Tower, I could build a landing zone for account best practices, which means implementing guardrails in AWS Control Tower. There are 24 guardrails. We have preventive and detective guardrails. Preventive guardrails use an SAP policy, which limits identities from performing certain actions within the AWS accounts. Apart from that, I was also able to make detective guardrails, which help to detect certain abnormalities or certain activities being done by identities within that environment. And these activities may make our environments non-compliant. It sends alerts to us so we can revoke anything done in that account.

There are two features in Control Tower which are the most valuable. One is the guardrails because it has preventive and detective guardrails. I also like SSO, which is single sign-on, because single sign-on helps in our AWS organization. And with guardrails, it helps to limit identities from performing certain actions in that AWS account.

I think AWS Control Tower can improve on its guardrails and the SAP policies. These are policies that help to prevent users from performing certain actions in an AWS account in that AWS organization. Security is important, and AWS Control Tower is used mostly for security. The solution's stability could be improved as well.

I have five years of experience with AWS Control Tower.

I rate AWS Control Tower's stability a five out of ten.

I give AWS Control Tower's scalability an eight out of ten.

The initial setup was straightforward.

AWS Control Tower is not really that expensive.

Control Tower is an additional layer of security providing multi-account governance and compliance, which is an additional layer of security in an AWS organization. Every company would like to have a 90% or 100% secure environment. I advise companies to choose AWS Control Tower because it has that additional layer of security on AWS accounts. We have preventive and detective guardrails. It prevents things from happening in that organization, and when things happen, it can detect who did what when in an AWS organization. The detective guardrails give you everything: the time, the person, and everything done. You can easily trace who did what in an AWS account.

I rate AWS Control Tower an eight out of ten.

We utilized AWS Control Tower for implementing guardrails, mainly for account creation and enforcing rules related to security, application access, and other relevant aspects. The tool ensures that CI/CD pipelines, incorporating TerraForm codes, are only accepted if they adhere to the predefined guardrails established by the company.

With Control Tower, there's no need to worry about individuals creating accounts and introducing risks to the company. Control Tower ensures that everything created in the organization is regulated. People are compelled to adhere to established rules. The key is to ensure that these rules are practical. If, for instance, you restrict internet access, it means no one in the organization can access the internet. Therefore, it's essential to carefully define rules, specifying the required IP addresses, interfaces, and security protocols to achieve the desired regulation within AWS.

The most intriguing feature is the automatic generation of user accounts. Leveraging Active Directory and global company settings, AWS Control Tower enables the creation of AWS user accounts based on job descriptions in Active Directory. This establishes a direct correlation between the user's name, job definition, and the corresponding rules applied to each account.

There aren't any additional features that I feel are missing. However, it's worth noting that Control Tower seems to function as a layer utilizing standard AWS products in the background. Occasionally, the interface may appear less streamlined, with changes in layout based on the underlying products being used. While this doesn't impact functionality, having a more standardized user interface, irrespective of the background products, could enhance the user experience.

I have been using AWS Control Tower for one year.

The stability of AWS Control Tower is satisfactory. It's a reliable product that builds upon existing AWS services, providing a user-friendly interface to streamline various tasks. The product is well-established and stable, offering a comprehensive solution that ensures all relevant aspects of a task are addressed, preventing oversights that may occur when performed manually.

The scalability of AWS Control Tower is commendable. When you use this product, you automatically gain additional resources from AWS, and this scalability feature is provided without incurring extra charges. For instance, the automatic user creation or account creation function may have a minimal cost, like a few cents per user per year, making it an almost free-of-charge feature.

Positive

We utilize AWS products for security, firewall, and networking settings. However, when managing manual processes within AWS, coordination among different departments, such as network and security, can become challenging. Control Tower becomes invaluable in this context, compelling us to establish a comprehensive plan rather than individualized setups. This ensures a global approach to AWS implementation, reducing the risks associated with inconsistent data access and unauthorized permissions.

The user interface is generally straightforward, but it involves a combination of different products in the background. One complexity arises when interfacing with Active Directory, especially when bridging AWS and Azure. AWS makes assumptions, while Azure's Active Directory can be highly customized. In many cases, companies have diverse Active Directory setups due to mergers, making it challenging to connect AWS to Azure seamlessly. Improvement could be made in handling the variety of Active Directory configurations, considering that companies often have a mix of settings rather than a single standardized setup. Activating Control Tower is straightforward, and it should be done before creating AWS accounts. In an existing AWS implementation, activating Control Tower can be impactful, as previous builds might lack control over guardrails and security settings implemented in Control Tower. This could lead to disruptions in working environments, and it is recommended to either create Control Tower at the beginning of a project or set it up alongside existing environments. Verifying that everything works before transitioning to production is crucial to avoid the high risk of disruptions in the production environment.

We handled the deployment in-house without the need for external consultants or integrators. By default, all users entering the company are automatically connected to Control Tower. Regarding the technical team for deployment and maintenance, we had an architect each for security, networking, and AWS cloud, along with one manager and one engineer for implementation—so, in total, five people.

I believe it's free of charge or comes at a very low cost. It's an additional feature. Even if there is a fee, it's minimal. AWS seems to assist customers in gaining a comprehensive view of their security setups within AWS. Using Control Tower is highly recommended, especially as your company grows and involves Active Directory, various departments, and different architectural aspects. It becomes more advisable to leverage Control Tower rather than managing these aspects manually, especially for larger organizations.

Overall, I rate the solution a nine out of ten. 

It enables companies, entities, and teams to elevate their innovation levels, as it consistently introduces new services, both on a quarterly and annual basis, each brimming with features that catalyze innovation for these entities.

Reliability is the standout factor. Its approach to architecting infrastructure is geared towards unparalleled reliability. It is incredibly user-friendly and functions seamlessly.

The sole drawback is its restriction to enable only one Control Tower. This limitation hinders its effectiveness, particularly for organizations or management accounts with multiple subsidiaries that require more than one.

I have been working with it for three years.

It is a highly reliable product. We never faced any issues or setbacks in the performance.

It offers good scalability capabilities.

There are instances where the wait times can exceed expectations, and reaching a specialist, particularly at the higher tiers like level two and level three support, may sometimes require more time than desired. However, it's important to emphasize that even with these considerations, AWS support stands out as the best option when compared to support services offered by other cloud providers. On a scale of one to ten, I would rate it at a solid nine.

Positive

The initial setup was easy.

It is cost-effective and the associated cost is quite minimal. The only investment is the time and effort required to acquire the skills necessary to use it.

It serves as a valuable tool to streamline governance, ensure compliance across these accounts, and facilitate the establishment of standardized practices in areas like security, monitoring, and logging, which are often referred to as cross-cutting concerns. I would strongly recommend using Control Tower if you have multiple AWS accounts. Overall, I would rate it eight out of ten.

When the company was facing certain downtime and latency in their AWS accounts, and they wanted to integrate multiple AWS accounts to improve flexibility and performance, I suggested using AWS Control Tower to set up a well-architected multi-account environment. It is used to effectively manage multiple accounts, including one dedicated to data residency compliance, which is crucial, especially for email operations.

It aligns well with the customer's needs and it ultimately fosters a strong customer-company relationship.

The way they currently handle security logs and company-wide logging could be improved as centralizing these systems would make it much easier to trace any security breaches. Without proper tracking of API logs and timely resolution of errors, the company could face significant financial losses. By making APIs and organizational units more centralized, it would be simpler to pinpoint the source of issues in case of a breach and would ultimately benefit everyone involved.

I find it to be extremely stable, and I would rate it a nine out of ten. AWS Control Tower also offers comprehensive documentation regarding the regions where it can operate effectively, which contributes to its reliability.

I would rate its scalability capabilities eight out of ten.

I have used numerous solutions such as AWS CloudFormation, IAM, Terraform, and their various components to create a wide range of projects in the cloud environment.

It is notably user-friendly because it provides default values and guidance. For instance, when setting up the two organizations, they offer predefined names for the sandbox and security accounts. When inputting names for the audit and log accounts, they also provide explanations. This user-friendly approach makes it accessible even for someone with no prior AWS experience. It's quite intuitive, especially with the provided guidance.

The deployment process depends on the resources being utilized and the scale of the deployment. If you aim to implement governance across multiple regions, it can be time-consuming because provisioning resources in each of those regions may require additional time and effort.

I have been able to assist clients in determining cost-effective solutions based on their specific needs. The pay-as-you-go model ensures you're only charged for what you use, which offers great flexibility for different types of companies.

Without the correct setup, users may encounter errors and mishaps with AWS Control Tower. To avoid these issues, I would recommend ensuring they establish an AWS organization correctly, configure services accordingly, and enable the appropriate policies that align with AWS best practices. Overall, it is an excellent product. I would rate it a nine out of ten considering all the factors.

AWS Control Tower helps to save a lot of work and manage multiple accounts. 

The tool's setup is very technical. Its pricing can be cheaper. 

I have been working with the product for three years. 

AWS Control Tower's stability is excellent. 

The product is very scalable. My company has two users for the product. 

I rate AWS Control Tower a ten out of ten since it is easy and automated. 

We use the product to streamline AWS account management. 

AWS Control Tower helps companies save costs. 

I like the tool's customization and configuration. 

AWS Control Tower should improve its fast execution. It also needs more tools for triggering and monitoring AWS services. AWS Control Tower needs more tracking as well. 

I have been working with the solution for four to five years. 

I rate the product's stability an eight out of ten. 

I rate AWS Control Tower's scalability an eight out of ten. 

The tool's deployment was not easy in the beginning. However, it got better with practice. Deployment is easy now. 

AWS Control Tower helped us save money. 

You need to know about AWS and the cloud before using the product. I rate it a seven out of ten. 

We use AWS Control Tower to manage multiple accounts. It provides a central point for account management, access control, and compliance monitoring.

There could be more features for security and automation in the product.

We have been using AWS Control Tower for three years.

I rate the product's stability a seven out of ten. It gets subjected to malware attacks regardless of fundamental security features. We need to ensure it stays compliant.

It allows for centralized management of multiple AWS accounts and a layer of control and security to the organization's environment. The scalability depends on the organization and how effectively you implement and utilize the service. I rate its scalability an eight out of ten.

The initial setup process is simple as AWS already configures most things. The deployment time depends on the process and the complexity of the environment.

The product's affordability depends on the value it brings to specific organizations. Small businesses may find it expensive. It helps streamline operations, improve security, and reduce costs by enforcing best practices and policies. Thus, it is costly but valuable.

I rate AWS Control Tower an eight out of ten.

At the moment, I can't comment on the features of the tool since it is not a necessary tool. However, it is a good tool to manage and centralize, especially for managing the servers and certain features on the cloud. Even though there are solutions that offer functionalities similar to AWS Control Tower, I don't know how to use any of them.

While using the solution recently, it broke a certain activity. So, AWS Control Tower needs to consider making the solution better.

I have experience with AWS Control Tower.

I know how to use it, and I am comfortable with AWS Control Tower. Scalability-wise, I rate it a seven out of ten.

I rate the technical support an eight out of ten.

Positive

The solution's initial setup was easy for me.

In Brazil, pricing for AWS Control Tower is very, very high. On a scale of one to ten, where one is a low price and ten is a high price, I rate the pricing an eight.

I think AWS Control Tower is a good solution, and I am comfortable understanding its functionalities. At the moment, I do not use stack-up solutions in any of my operations in a day, but I understand the channel that they help you to apply applications for the use of customers. I rate the overall product a five out of ten.