AWS Control Tower Reviews and Ratings

Rating: 9.3 out of 10

Score

9.3 out of 10

Reviews

4 Reviews

AWS Control Tower in multi AWS account scenarios

Rating: 9 out of 10

Incentivized

September 25, 2023

Use Cases and Deployment Scope

AWS Control Tower allows me to provision predefined compliant and secure AWS accounts in an automated fashion

Pros

AWS Control Tower integrates with AWS organizations
AWS Control Tower provides Account Factory to provision preconfigured AWS accounts
AWS Control Tower helps to isolate workloads and billing via AWS accounts separation
AWS Control Tower supports data residency controls out of the box
AWS Control Tower supports post provisioning actions to newly provisioned AWS accounts: for example it can trigger enabling VPC flow logs in the new account

Cons

If possible it would be nice to see an automated option to close AWS accounts created with the Account Factory

Likelihood to Recommend

Multi - account scenario is perfect example where AWS Control Tower should be used - to separate workloads in individual accounts. I.E. development and production in different accounts with separate billing

Arkadiusz Góral

Lead Engineer in Information Technology at Dense Neuron (11-50 employees)

Vetted Review

2 years of experience

View profile

Control tower is a must for separation of concerns

Rating: 9 out of 10

Incentivized

May 6, 2022

Use Cases and Deployment Scope

We started using AWS Control Tower to split up our workloads into separate accounts to follow the AWS well-architected framework. AWS Control Tower makes it easy to create new accounts and drive policies across them all. So our root account handles creating other accounts for us and ensures they all have logging and our security practices in place.

Pros

Easily create new AWS accounts.
Easily secure and manage AWS accounts.
Landing zone with SSO is a huge win for larger teams.

Cons

Can be slow at times to reflect changes.
The GUI in the console is not always the most user-friendly and errors can be non-descript.
Cannot change some key info about an account from AWS Control Tower once it's provisioned.

Likelihood to Recommend

AWS Control Tower is great if you have multiple organizations or disciplines inside a company that needs to be separated for billing purposes or separation of concern. Multiple accounts is part of AWS's well-architected framework and are generally a good idea. AWS Control Tower makes central logging easy which enables those logs to be quickly picked up by a logging tool to provide even more reports and insight. For smaller organizations, AWS Control Tower may seem like an over-engineered solution

kevin mcgillicuddy

IT Infrastructure Supervisor in Information Technology at Sight and Sound Theatres (201-500 employees)

Vetted Review

2 years of experience

AWS Control Tower makes multi-account AWS management easy

Rating: 9 out of 10

Incentivized

May 5, 2022

Use Cases and Deployment Scope

We have multiple companies along with multiple clients that require separate AWS accounts. With AWS Control Tower it makes it simple and easy to have a central point to monitor and control all the AWS accounts.

Pros

Guardrails make securing accounts easy and quick.
AWS SSO allows us a central point for controlling users and groups across each account.
Centralized logging serves as a single point to monitor each environment.
Landing zones allow us to apply templates for each account and customize each one from a central point as well.

Cons

The AWS SSO GUI is not very intuitive and determining how to apply policies to users without creating redundant logins has been a challenge.
The default guardrails do not fully encompass all the security checks that we needed.
There does not appear to be any way to control roles at the IAM level from the control tower account through the GUI.
Some features on AWS accounts still require logging into the individual account with the root user and cannot be done from AWS Control Tower.

Likelihood to Recommend

If you have more than 3 AWS accounts or strict security requirements (e.g PCI, SOC II) Control Tower is a must. If you only have 1-2 accounts and few users the added complexity of the control tower is likely not worth the time.

Alex Kranz

Senior System Administrator in Information Technology at Bridgeline Digital (51-200 employees)

Vetted Review

1 year of experience

AWS Control Tower: an AWS Framework that might be more than you need

Rating: 7 out of 10

Incentivized

May 5, 2022

Use Cases and Deployment Scope

AWS Control Tower allows you to set up a baseline environment, in the parlance of Control Tower, this is called a landing zone. The value adds of this product is that the default baseline environment that is set up by AWS Control Tower includes AWS best practices by default. This includes best practices from AWS Well-Architected Framework. In our case, we were interested in experimenting with a lower overhead setup for an ancillary AWS account.

Pros

I like being able to see policy-level summaries of my AWS environment.
It is great for moving quickly with minimal risk of severe blunders.
Provisioning a new account within the purview of the Control Tower is quick and easy.

Cons

This level of abstraction leaves you vulnerable to not knowing exactly what's been created, and that can enable you to mess things up.
Because it provisions things on your behalf, you might end up paying for resources you don't need.
The import process of existing accounts, which we did not end up pursuing, is tedious and manual.

Likelihood to Recommend

We were wanting to prove the concept of a low touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed - at least upfront - however, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well so that you don't pay for resources you don't need and you have finer grain control over what's created.

Verified User

Contributor in Engineering (1001-5000 employees)

Vetted Review

1 year of experience

Loading Reviews List....

AWS Control Tower: an AWS Framework that might be more than you need

Rating: 7 out of 10

Incentivized

May 5, 2022

Use Cases and Deployment Scope

Pros

I like being able to see policy-level summaries of my AWS environment.
It is great for moving quickly with minimal risk of severe blunders.
Provisioning a new account within the purview of the Control Tower is quick and easy.

Cons

This level of abstraction leaves you vulnerable to not knowing exactly what's been created, and that can enable you to mess things up.
Because it provisions things on your behalf, you might end up paying for resources you don't need.
The import process of existing accounts, which we did not end up pursuing, is tedious and manual.

Likelihood to Recommend

Verified User

Contributor in Engineering (1001-5000 employees)

Vetted Review

1 year of experience