Document history - AWS Control Tower

Document history

  • Latest documentation update: December 29, 2020

The following table describes important changes to the AWS Control Tower User Guide. For notifications about documentation updates, you can subscribe to the RSS feed.

Change Description Date

New role for aggregating unmanaged OUs and accounts

A new role assists in detecting external AWS Config rules, so AWS Control Tower does not need to gain access to unmanaged accounts.

December 29, 2020

AWS Control Tower is now available in additional regions.

AWS Control Tower is now available to be deployed in the Asia Pacific (Singapore) Region, Europe (Frankfurt) Region, Europe (London) Region, Europe (Stockholm) Region, and Canada (Central) Region. With this launch AWS Control Tower is now available in 10 AWS Regions. This landing zone update includes all regions listed and cannot be undone. After updating your landing zone to version 2.5, you must manually update all enrolled accounts for AWS Control Tower to govern in the 10 supported AWS Regions.

November 18, 2020

Guardrail update

An updated version has been released for the mandatory guardrail AWS-GR_IAM_ROLE_CHANGE_PROHIBITED. The updated guardrail allows easier automated enrollment of accounts.

October 8, 2020

Related information page is now available for AWS Control Tower

The related information page makes it easier to find common tasks that may be helpful after setting up your AWS Control Tower landing zone.

September 18, 2020

AWS Control Tower console shows more detail about OUs and accounts.

Within the AWS Control Tower console, you can view more detail about your AWS accounts and organizational units (OUs). The ‘Accounts’ page now lists all accounts in your organization, regardless of OU or enrollment status in AWS Control Tower. You can now search, sort, and filter across all tables.

July 22, 2020

AWS Control Tower allows existing organizations to set up a landing zone

You can now launch a landing zone for AWS Control Tower in an existing organization, to bring the organization into governance. The Quick account provisioning capability in AWS Control Tower was renamed to Enroll account and it now permits enrollment of existing AWS accounts as well as creation of new accounts.

April 16, 2020

AWS Control Tower is now available in Asia Pacific

AWS Control Tower is now available to be deployed in the Asia Pacific (Sydney) AWS Region. This release requires manual updates to vended accounts, update only if you plan to run workloads in Asia Pacific (Sydney).

March 3, 2020

Decommissioning an AWS Control Tower landing zone is possible

AWS Support can help you permanently decommission a landing zone through a mostly automated process that preserves your organizations, although some manual cleanup is required.

February 27, 2020

Quick account provisioning is available in AWS Control Tower

Quick account provisioning makes it easier to launch new member accounts when your landing zone is up to date, with the Enroll account feature.

February 20, 2020

Lifecycle events are tracked in AWS Control Tower

Lifecycle events provide additional details for certain AWS Control Tower events, to make some workflow automation easier.

December 12, 2019

Settings and Activities pages are available for AWS Control Tower

The Settings and Activities pages make it easier to update your landing zone and to view logged events.

November 30, 2019

Additional preventive guardrails are available for AWS Control Tower

Preventive guardrails in AWS Control Tower keep your organization and resources aligned with your environment.

September 6, 2019

Additional detective guardrails are available for AWS Control Tower

Detective guardrails in AWS Control Tower give information about the state of your organization and resources.

August 27, 2019

AWS Control Tower is now generally available

AWS Control Tower is a service that offers the easiest way to set up and govern your multi-account AWS environment at scale.

June 24, 2019