AWS Control Tower Information Reviews & Insights

We have multiple companies along with multiple clients that require separate AWS accounts. With AWS Control Tower it makes it simple and easy to have a central point to monitor and control all the AWS accounts.

If you have more than 3 AWS accounts or strict security requirements (e.g PCI, SOC II) Control Tower is a must. If you only have 1-2 accounts and few users the added complexity of the control tower is likely not worth the time.

AWS Control Tower allows you to set up a baseline environment, in the parlance of Control Tower, this is called a landing zone. The value adds of this product is that the default baseline environment that is set up by AWS Control Tower includes AWS best practices by default. This includes best practices from AWS Well-Architected Framework. In our case, we were interested in experimenting with a lower overhead setup for an ancillary AWS account.

We were wanting to prove the concept of a low touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed - at least upfront - however, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well so that you don't pay for resources you don't need and you have finer grain control over what's created.