Digital sovereignty controls

Digital sovereignty means control over digital assets. AWS Control Tower offers a group of controls that are designed to enhance your digital sovereignty governance posture. The pillars of this posture are as follows:

Data residency: Control over the location of your data.

For more information, see Controls that enhance data residency protection.
Granular access: Access restrictions that limit all access to your data, unless the access is requested by you, or by a partner whom you trust.

For more information, see Region deny control applied to the OU.
Encryption: Features and controls that help you encrypt data, whether in transit, at rest, or in memory.

For example, see the control CT.APPSYNC.PR.5: Require an AWS AppSync GraphQL API cache to have encryption at rest enabled.
Resiliency: Ability to sustain operations through disruption or disconnection, which is essential in the case of events such as supply chain disruption, network interruption, and natural disaster.

For example see the control CT.NETWORK-FIREWALL.PR.5: Require an AWS Network Firewall firewall to be deployed across multiple Availability Zones.

You can read more about digital sovereignty and AWS in the blog: AWS Digital Sovereignty Pledge: Control without compromise.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Preventive controls

Digital sovereignty preventive controls