Related information - AWS Control Tower

Related information

This topic lists common use cases and best practices for AWS Control Tower capabilities and additional enhancements. This topic also includes links to relevant blog posts, technical documentation, and related resources that can help you as you work with AWS Control Tower.

Tutorials and labs

  • AWS Control Tower lab – These labs provide a high-level overview of common tasks related to AWS Control Tower.

  • On the AWS Control Tower dashboard, choose Get personalized guidance if you have a use case in mind but you're not sure where to start.

  • Try visiting a curated list of YouTube videos that explain more about how to use AWS Control Tower functionality.


Set up repeatable and manageable patterns for networks in AWS. Learn more about design, automation, and appliances that are commonly used by customers.

Security, identity, and logging

Extend your security posture, integrate with external or existing identity providers, and centralize logging systems.


  • Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events – This blog post describes how to automate Security Hub enablement and configuration in an AWS Control Tower multi-account environment on existing and new accounts.

  • Enabling AWS Identity and Access Management – This blog post describes how to enhance your organizational security visibility by enabling and centralizing IAM Access Analyzer findings.

  • AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can use it to share configuration information in a secure location, for use by AWS Systems Manager and by AWS CloudFormation. For example, you can store a list of Regions in which you want to deploy conformance packs.



  • AWS Centralized Logging Solution – This solutions post describes the Centralized Logging solution which enables organizations to collect, analyze, and display logs on AWS across multiple accounts and AWS Regions.

Deploying resources and managing workloads

Deploy and manage resources and workloads.

Working with existing organizations and accounts

Work with existing AWS organizations and accounts.

Automation and integration

Automate account creation and integrate lifecycle events with AWS Control Tower.

Migrating workloads

Use other AWS services with AWS Control Tower to assist in workload migration.

  • CloudEndure migration – This blog post describes how to combine CloudEndure and other AWS services with AWS Control Tower to assist in workload migration.

AWS Control Tower acts as an orchestration layer for AWS Organizations. Therefore, by means of the AWS Organizations console and APIs, you have access to over 20 other AWS services that work with AWS Control Tower. These additional services are not accessible directly through the AWS Control Tower console.

AWS Marketplace solutions

Discover solutions from AWS Marketplace.

  • AWS Control Tower Marketplace – AWS Marketplace offers a broad range of solutions for AWS Control Tower to help you integrate third-party software. These solutions help solve key infrastructure and operational use cases including identity management, security for a multi-account environment, centralized networking, operational intelligence, and security information and event management (SIEM).