AWS Control Tower Flashcards
Explain what AWS Control Tower is.
AWS Control Tower is a service that helps set up and govern a secure, multi-account AWS environment based on best practices.
It automates account provisioning using AWS Organizations and Account Factory.
It enforces guardrails (pre-configured policies) for security, compliance, and operations.
It provides a dashboard to monitor compliance across accounts.
Ideal for enterprises needing consistent governance in a multi-account setup.
How can I manage AWS accounts in AWS Control Tower?
AWS has a feature called Account Factory that enables you to create new accounts and add them to your organization.
What are the two types of guardrails available in AWS Control Tower?
AWS Control Tower has two types of guardrails:
- Preventative - Enables you to disallow certain actions from occurring across your accounts
- Detective - Used for detecting whether, say, MFA for the root user is enabled
How can you determine if certain accounts and resources are in compliance or not in AWS?
AWS Control Tower has guardrails that enable you to analyze if, for example, tags have been applied to resources or if any other resources are in or out of compliance.