Overview - Customizations for AWS Control Tower


The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices. This solution enables customers to easily add customizations to their AWS Control Tower landing zone using an AWS CloudFormation template and service control policies (SCPs). You can deploy the custom template and policies to individual accounts and organizational units (OUs) within your organization. This solution integrates with AWS Control Tower lifecycle events to ensure that resource deployments stay in sync with the customer's landing zone. For example, when a new account is created using the AWS Control Tower account factory, the solution ensures that all resources attached to the account's OUs are automatically deployed.

AWS Control Tower helps customers set up a landing zone in their AWS accounts based on best practices for ongoing governance over AWS workloads. Before deploying this solution, customers must have an AWS Control Tower landing zone deployed in their account.


You are responsible for the cost of the AWS services used while running this solution. As of the date of publication, the cost for running this solution depends on the number of AWS CodePipeline runs, the duration of AWS CodeBuild runs, the number and duration of AWS Lambda functions, and the number of Amazon EventBridge events published. For example, if you run 100 builds in one month using build.general1.small where each build runs for five minutes, then the approximate cost for running this solution is $3.00 per month. For full details, see the pricing webpage for each AWS service you will be using in this solution.

The Amazon Simple Storage Service (Amazon S3) bucket and AWS CodeCommit Git-based repository resources are retained after the solution template is deleted to protect the customer configuration. Depending on the option selected, you are charged based on the amount of data stored in the S3 bucket and the number of Git requests (Git request charges do not apply to the Amazon S3 resource). Refer to Amazon S3 and AWS CodeCommit pricing for details.