Next steps
Now that your landing zone is set up, it's ready for use.
To learn more about how you can use AWS Control Tower, see the following topics:
- For recommended administrative practices, see Best Practices.
- You can set up IAM Identity Center users and groups with specific roles and permissions. For recommendations, see Recommendations for setting up groups, roles, and policies.
- To begin enrolling organizations and accounts from your AWS Organizations deployments, see Govern existing organizations and accounts.
- Your end users can provision their own AWS accounts in your landing zone using Account Factory. For more information, see Permissions for configuring and provisioning accounts.
- To assure Compliance Validation for AWS Control Tower, your central cloud administrators can review log archives in the Log Archive account, and designated third-party auditors can review audit information in the Audit (shared) account, which is a member of the Security OU.
- To learn more about the capabilities of AWS Control Tower, see Related information.
- Try visiting a curated list of YouTube videos that explain more about how to use AWS Control Tower functionality.
- From time to time, you may need to update your landing zone to get the latest backend updates, the latest controls, and to keep your landing zone up-to-date. For more information, see Configuration update management in AWS Control Tower.
- If you encounter issues while using AWS Control Tower, see Troubleshooting.
Important
If you have not yet enabled MFA for your account's root user, do so now. For more information about best practices for the root user, see Best practices to protect your account's root user.