Resources

References

• Adding permissions to AWS Service Catalog Portfolio

• AWS Control Tower Customization solution

• Enroll an existing AWS account into AWS Control Tower (blog post)

• Migrate an AWS member account from AWS Organizations to AWS Control Tower (pattern)

Additional information

Tutorials and labs

• AWS Control Tower Workshop – These labs provide a high-level overview of common tasks related to AWS Control Tower.

• AWS Control Tower videos – This curated set of videos on YouTube explain more about how to use AWS Control Tower functionality.

Networking

• Self-service VPCs in AWS Control Tower using AWS Service Catalog – This blog post describes using Account Factory to provision accounts with customized VPCs.

• Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower – This blog post demonstrates how to automate network connectivity access across accounts. This post is intended for AWS Control Tower administrators and other people who are responsible for managing networks within their AWS environment.

Security, identity, and logging

Security

• Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events – This blog post describes how to automate Security Hub enablement and configuration in an AWS Control Tower multi-account environment on existing and new accounts.

• Automate resolution for IAM Access Analyzer cross-account access findings on IAM roles – This blog post describes how to enhance your organizational security visibility by enabling and centralizing IAM Access Analyzer findings.

Identity

• The Next Evolution in AWS IAM Identity Center – This blog post describes how to use Azure AD with IAM Identity Center and AWS Control Tower.

• Single Sign-On between Okta Universal Directory and AWS (blog post)

Logging

• Centralized Logging solution – This AWS Solutions implementation enables organizations to collect, analyze, and display logs on AWS across multiple accounts and AWS Regions.

Deploying resources and managing workloads

• Continuous deployment of Cloud Custodian to AWS Control Tower (blog post)

Working with existing organizations and accounts

• Enable AWS Control Tower on organizations and accounts – This topic discusses deploying AWS Control Tower into existing organizations.

• Extend AWS Control Tower governance using AWS Config conformance packs (blog post)

• How to automate the creation of multiple accounts in AWS Control Tower (blog post)

Automation and integration

• Using lifecycle events to track AWS Control Tower actions and trigger automated workflows (blog post)

• How to automate the creation of multiple accounts in AWS Control Tower (blog post)

• VPC Flow Log automation using AWS Control Tower lifecycle events (blog post)

AWS Marketplace

• Solutions for AWS Control Tower in AWS Marketplace – AWS Marketplace offers of solutions for integrating third-party software with AWS Control Tower. These solutions help solve key infrastructure and operational use cases, including identity management, security for a multi-account environment, centralized networking, operational intelligence, and security information and event management (SIEM).