Set up multi-account management with AWS Control Tower

Using AWS Control Tower you can implement a multi-account scheme, as recommended by best practices, where you can centrally enforce policies (guard rails) while you centralize and protect AWS Cloudtrail logs in a designated logging account.

Delegated Administration - Services integrated to AWS Organizations

The following services are integrated to AWS Organizations (AWS Control Tower uses AWS Organizations) and support delegated administration, therefore, the security team can have visibility about the security and compliance of the whole organization from the security account:

  • AWS Security Hub
  • Amazon GuardDuty
  • Amazon Macie
  • Amazon Detective
  • AWS Firewall Manager
  • IAM Access Analyzer
  • Amazon Inspector
  • AWS Audit Manager

Pricing

https://aws.amazon.com/controltower/pricing