
How AWS Control Tower Lowers the Barrier to Enterprise Cloud Migration

We're bringing it (as in, the dozens of AWS accounts your enterprise has) all together with the recently-announced AWS Control Tower.

By Ben Tannahill · Jan. 16, 19 · Presentation

Scaling AWS cloud migration to the enterprise just got a whole lot less scary. Let’s give a warm welcome to AWS Control Tower.

If there was one announcement at AWS re:Invent 2018 that made us do the happy dance for our enterprise clients, it was the announcement of AWS Control Tower. It’s a new central control center that allows enterprises to have a single jump-off point for multi-AWS account management across teams, departments, and international borders.

Why? Because it will help prove the value of the cloud to our clients faster.

When we talk about enterprise cloud service and infrastructure migration with clients, and how to do it effectively, we come across the same questions:

  • How can we ensure it’s secure?
  • How can we ensure it’s easy, adaptable and scalable?
  • How can we ensure compliance and meet auditing requirements?
  • How can we effectively manage multiple teams’ configurations?

Above all, how can we do it quickly?

Too often we see enterprises take months to get the basic building blocks in place to enable them to experiment with new ways of working in the cloud.

No longer.

The deep benefit of AWS Control Tower is that it allows developers to start being creative in the cloud almost at the click of a button while giving managers the confidence that everything is secure, compliant and in line with AWS best practice.

A Common Enterprise AWS Cloud Migration Pattern

What do we often see in terms of enterprise AWS cloud migration?

There will be a pilot team, who tests out migrating to an AWS cloud or hybrid solution. This goes well, at which point several other teams will also implement similar solutions, perhaps working to an overarching and evolving setup and configuration blueprint, but, at times, simply developing their own, based on the experiences of the teams before them.

What this leads to (beyond a handful of teams) is a patchwork of solutions across an enterprise. Even for organizations with a set of rules to develop team AWS implementations, management and monitoring of the team accounts as a whole is not defined (or if it is, it’s a custom, in-house solution). Migration to the cloud here is piecemeal and inefficiently (and often ineffectively) managed at the enterprise level.

In effect, it’s a pilot team, and then a pilot group of teams – without any systems in place to facilitate an enterprise-wide rollout.

Traditionally, at this point, organizations draw up their own overarching architecture for management, monitoring, and setup processes, along with a standard configuration model for teams to build on.

To do this with more repeatable systems, enterprises may already be using products like:

  • AWS Identity and Access Management (IAM) for user access and permissions;
  • AWS Service Catalog for an approved list of AWS services;
  • AWS Config for resource monitoring;
  • and perhaps even AWS Organizations for policy-based account management.

But this can take months in a bureaucratic environment. AWS Control Tower goes a step further, providing a central control point to orchestrate all of this securely. It offers management, governance, monitoring, and provisioning across AWS cloud teams. It’s specifically designed for large enterprises with an existing mix of different developer, DevOps, systems, and engineering teams, and new teams coming online regularly. It’s the type of tool that allows you to effectively manage hundreds or even thousands of these teams, not just three or four.

AWS Control Tower In a Nutshell

AWS Control Tower allows you to create, manage and monitor any number of AWS accounts securely, utilizing best-practice design patterns. It’s how to scale AWS to the enterprise efficiently: in a repeatable manner with central control and monitoring, while ensuring built-in security and compliance of all team implementations.

AWS Control Tower removes the need to build a custom in-house management system of AWS accounts and rollouts (and/or a patchwork of AWS enterprise control products), saving you the time of developing a custom solution. It even allows for the implementation of your own virtual private network for AWS resources with Amazon VPC.

Control Tower allows organizations to:

  • Set up multiple AWS configurations using infrastructure-as-code, utilizing best practices and blueprints
  • Manage identities with Single Sign-On
  • Perform central logging
  • Perform security audits with Identity & Access Management
  • Create workflows for account provisioning
  • Ensure compliance with set rules using Guardrails

In short, it’s secure build and automation for enterprise AWS account control and rollout.

Isn’t It the Same as Landing Zone?

Previously, we have talked about an AWS Landing Zone setup, and how it allows customers to set up a set of AWS accounts from scratch, without the burden of typical overheads.

With the same tagline for Landing Zone as for Control Tower, you might think that Control Tower is just AWS Landing Zone rebranded. However, it goes a little further, giving you a step-by-step process to customize the build and automate the creation of an AWS Landing Zone, securely. This means that you no longer need an AWS Landing Zone expert already on your team to set up a Landing Zone yourself.

What’s the Catch?

To effectively set up AWS Control Tower, it’s important to define clear guidelines for the enterprise about cloud governance, management, and processes. If you don’t have a firm cloud strategy, we recommend having a read of Amazon’s post on the subject – Using a Cloud Center of Excellence (CCOE) to Transform the Entire Enterprise – it’s not a bad starting point.

The other catch? At the time of print, AWS Control Tower isn’t available for full release. However, you can sign up for the preview version here, or check out AWS Landing Zone in the meantime.

Contino is a leading global DevOps and cloud transformation consultancy with global clients such as Allianz, Lloyds, Barclays, Adidas and HM Government.
