Easy way to set up and govern a secure and compliant multi-account AWS environment It uses AWS Organizations to create accounts
Benefits:
- Automate the set up of your environment in a few clicks
- Automate ongoing policy management using guardrails
- Detect policy violations and remediate them
- Monitor compliance through an interactive dashboard
Guardrails
Provides ongoing governance for you ControlTower environment
- Preventative Guardrail: Using SCPs (restrict region across all your accounts)
- Detective Guardrail: using AWS Config (identify untagged resources)