There aren't any additional features that I feel are missing. However, it's worth noting that Control Tower seems to function as a layer utilizing standard AWS products in the background. Occasionally, the interface may appear less streamlined, with changes in layout based on the underlying products being used. While this doesn't impact functionality, having a more standardized user interface, irrespective of the background products, could enhance the user experience.
The sole drawback is its restriction to enable only one Control Tower. This limitation hinders its effectiveness, particularly for organizations or management accounts with multiple subsidiaries that require more than one.
It is undoubtedly a growing service, and it's evident that AWS is continuously working to improve it. However, some challenges do arise when it comes to migrating existing accounts that are not yet under Control Tower into the system. This process often involves creating specific roles manually, and it can be somewhat tedious and there isn't a readily available set of guidelines for this process. It requires some searching and digging through to find the necessary information. It is essential to clarify that this isn't necessarily a drawback of the service, but having a clear and concise set of predefined guidelines from AWS for moving existing accounts under AWS Control Tower would be highly beneficial as it would simplify the process and make it more user-friendly.
It could be improved by having a more intuitive graphical interface. It could also include other coding languages like PowerShell and Python, as it would be beneficial for DevOps recommendations. Having the capability to create architectural designs in a diagram format while creating the landing zone would help showcase the design to higher-level stakeholders.
AWS Cloud Engineer/Cloud Architect at Landmark Technologies
Real User
Top 5
2023-09-15T20:07:35Z
You don't do anything when you set up these landing zones, such as the AWS Organization single sign-on. Everything is preconfigured, and you just have to do automation. Everything is established in the environment. If Control Tower could do this, it would be much better where all the security tools are already in it. I know AWS has its security tools, like Security Hub and Cloud Check, with minimal configuration. It would be much better if you set up the landing zone, which is the master account in the foundation of the environment, and all these tools are included. You should just get to go in and go, "Okay, I need this at this particular time." You should get to go in and do it. There should be more automation security tools in the Control Tower.
The integration with other AWS functions has room for improvement. I would like the ability to integrate other options or functions into the organization. The initial setup is a bit complex and has room for improvement.
AWS Control Tower offers the easiest way to set up and govern a new, secure, multi-account AWS environment. It establishes a landing zone that is based on best-practices blueprints, and enables governance using guardrails you can choose from a pre-packaged list.
AWS should provide more resources, examples, and tutorials. Mastering the technology will be more wonderful, but it takes some time to moderate.
The tool's setup is very technical. Its pricing can be cheaper.
There could be more features for security and automation in the product.
While using the solution recently, it broke a certain activity. So, AWS Control Tower needs to consider making the solution better.