How does AWS Control Tower establish your multi-account environment?
AWS Control Tower offers a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, Service Catalog, and AWS IAM Identity Center. This section describes at a high level how AWS Control Tower establish a multi-account environment and landing zone. Your landing zone is a well-architected multi-account environment for all of your AWS resources. You can use this environment to enforce compliance regulations on all of your AWS accounts.
Establish your multi-account environment with AWS Control Tower
When you set up your multi-account environment using AWS Control Tower, it creates two OUs.
Security OU—Within this OU, AWS Control Tower creates two accounts:
Log Archive
Audit (This account corresponds to the Security Tooling account discussed previously in the guidance.)
Sandbox OU—This OU is the default destination for accounts created within AWS Control Tower. It contains accounts in which your builders can explore and experiment with AWS services, and other tools and services, subject to your team's acceptable use policies.

OUs and accounts created by AWS Control Tower
AWS Control Tower allows you to create, register, and manage additional OUs to expand the initial environment to implement the guidance.
The following diagram shows the OUs initially deployed by AWS Control Tower. You can expand your AWS environment to implement any of the recommended OUs included in the diagram, to meet your requirements.

OUs initially deployed by AWS Control Tower
Next steps for setting up your multi-account environment
To get started with AWS Control Tower, see Getting started with AWS Control Tower. We recommend that you review the prerequisites and next steps required to establish your multi-account environment on AWS.
For complete guidance on establishing your multi-account environment, review the guidance included in this whitepaper.