Document history - AWS Control Tower

Document history

  • Latest documentation update: April 16, 2021

The following table describes important changes to the AWS Control Tower User Guide. For notifications about documentation updates, you can subscribe to the RSS feed.

Change Description Date

Customized names for OUs and accounts

AWS Control Tower allows you to provide customized names during the landing zone setup process, for essential OUs and accounts, without creating drift.

April 16, 2021

Decommissioning a landing zone is self-service

AWS Control Tower now allows you to decommission a landing zone without contacting AWS Support. Decommissioning is a semi-automated process that cannot be undone. It is not the same as deleting all AWS Control Tower resources manually.

April 9, 2021

Three additional Regions

AWS Control Tower is now available in three additional AWS Regions: Asia Pacific (Tokyo) Region, Asia Pacific (Seoul) Region, and Asia Pacific (Mumbai) Region.

April 8, 2021

New Log Archive guardrails, landing zone version 2.7 available

Four new Log Archive guardrails provide Log Archive governance over AWS Control Tower resources, separately from governance of resources outside of AWS Control Tower. Guidance on four existing guardrails has changed from mandatory to elective. Version 2.7 of the AWS Control Tower landing zone includes a requirement for HTTPS, which cannot be undone after you update.

April 8, 2021

Region selection

AWS Control Tower Region selection provides better ability to manage the geographical footprint of your AWS Control Tower resources. To expand the number of Regions in which you host AWS resources or workloads – for compliance, regulatory, cost, or other reasons – you can now select the additional Regions to govern.

February 19, 2021

Register an OU and govern all of its accounts with AWS Control Tower at one time

AWS Control Tower adds the capability to register an OU, which is a way to bring multiple accounts into governance at the same time.

January 28, 2021

Multiple account updates in registered OUs

You can now update all accounts in any registered AWS Organizations organizational unit (OU) containing up to 300 accounts, with a single click, from the AWS Control Tower dashboard. The multiple account update feature, also referred to as bulk update, eliminates the need to update one account at a time, or to use an external script to perform the update on multiple accounts together.

January 28, 2021

New role for aggregating unmanaged OUs and accounts

A new role assists in detecting external AWS Config rules, so AWS Control Tower does not need to gain access to unmanaged accounts.

December 29, 2020

AWS Control Tower is available in more AWS Regions.

AWS Control Tower is now available to be deployed in the Asia Pacific (Singapore) Region, Europe (Frankfurt) Region, Europe (London) Region, Europe (Stockholm) Region, and Canada (Central) Region. With this launch AWS Control Tower is now available in 10 AWS Regions. This landing zone update includes all Regions listed, and it cannot be undone. After updating your landing zone to version 2.5, you must manually update all enrolled accounts for AWS Control Tower to govern in the 10 supported AWS Regions.

November 18, 2020

Guardrail update

An updated version has been released for the mandatory guardrail AWS-GR_IAM_ROLE_CHANGE_PROHIBITED. The updated guardrail allows easier automated enrollment of accounts.

October 8, 2020

Related information page is now available for AWS Control Tower

The related information page makes it easier to find common tasks that may be helpful after setting up your AWS Control Tower landing zone.

September 18, 2020

AWS Control Tower console shows more detail about OUs and accounts.

Within the AWS Control Tower console, you can view more detail about your AWS accounts and organizational units (OUs). The ‘Accounts’ page now lists all accounts in your organization, regardless of OU or enrollment status in AWS Control Tower. You can now search, sort, and filter across all tables.

July 22, 2020

AWS Control Tower allows existing organizations to set up a landing zone

You can now launch a landing zone for AWS Control Tower in an existing organization, to bring the organization into governance. The Quick account provisioning capability in AWS Control Tower was renamed to Enroll account and it now permits enrollment of existing AWS accounts as well as creation of new accounts.

April 16, 2020

AWS Control Tower is now available in Asia Pacific

AWS Control Tower is now available to be deployed in the Asia Pacific (Sydney) AWS Region. This release requires manual updates to vended accounts, update only if you plan to run workloads in Asia Pacific (Sydney).

March 3, 2020

Decommissioning an AWS Control Tower landing zone is possible

AWS Support can help you permanently decommission a landing zone through a mostly automated process that preserves your organizations, although some manual cleanup is required.

February 27, 2020

Quick account provisioning is available in AWS Control Tower

Quick account provisioning makes it easier to launch new member accounts when your landing zone is up to date, with the Enroll account feature.

February 20, 2020

Lifecycle events are tracked in AWS Control Tower

Lifecycle events provide additional details for certain AWS Control Tower events, to make some workflow automation easier.

December 12, 2019

Settings and Activities pages are available for AWS Control Tower

The Settings and Activities pages make it easier to update your landing zone and to view logged events.

November 30, 2019

Additional preventive guardrails are available for AWS Control Tower

Preventive guardrails in AWS Control Tower keep your organization and resources aligned with your environment.

September 6, 2019

Additional detective guardrails are available for AWS Control Tower

Detective guardrails in AWS Control Tower give information about the state of your organization and resources.

August 27, 2019

AWS Control Tower is now generally available

AWS Control Tower is a service that offers the easiest way to set up and govern your multi-account AWS environment at scale.

June 24, 2019