AWS Control Tower: an AWS Framework that might be more than you need
Rating: 7 out of 10
Incentivized
Use Cases and Deployment Scope
AWS Control Tower allows you to set up a baseline environment; in the parlance of Control Tower, this is called a landing zone. The value add of this product is that the baseline environment that is set up by AWS Control Tower includes AWS best practices by default. This includes best practices from the AWS Well-Architected Framework. In our case, we were interested in experimenting with a lower-overhead setup for an ancillary AWS account.
Pros
- I like being able to see policy-level summaries of my AWS environment.
- It is great for moving quickly with minimal risk of severe blunders.
- Provisioning a new account within the purview of the Control Tower is quick and easy.
Cons
- This level of abstraction leaves you vulnerable to not knowing exactly what's been created, and that can enable you to mess things up.
- Because it provisions things on your behalf, you might end up paying for resources you don't need.
- The import process of existing accounts, which we did not end up pursuing, is tedious and manual.
Likelihood to Recommend
We wanted to prove the concept of a low-touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed, at least upfront. However, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well, so that you don't pay for resources you don't need and you have finer-grained control over what's created.