User talk:Batif123

AWS CONTROL TOWER
'--Batif123 (talk) 02:20, 2 February 2022 (UTC)This article is written to explain to you why to use AWS control tower and how it can help your organization to handle multiple AWS account.'

AWS Control Tower: AWS Control Tower is a service that enables you to enforce and manage governance rules for security, operations, and compliance at scale across all your organisations and accounts in the AWS Cloud.

How it works: Setup: Setup the automated AWS control tower to monitor and governance rules of cloud premises. Apply guardrails: The second step is to apply the security promises to your cloud account. Like single-sign in and many more through IAM policies. Get Visibility: Monitor compliances and resources, have a look in every movement of resources and compliances.

Why should we use Control tower? Setup an AWS landing zone:
 * 1) Setup basic practices of AWS environments in a few clicks.
 * 2) Standardise account provisions.
 * 3) Centralised policy management.
 * 4) Enforce governance and compliance proactively.
 * 5) Enable end user self services.
 * 6) Get continuous visibility of your AWS environment.

 Steps Involved:  1. Centralised identity and access: 2. Establish guardrails Foe detail visit official Blog Page
 * 1) Landing zone: a pre-configured, secure, scalable, multi-account AWS environment based on the best practice blue-prints.
 * 2) Multi-account management using AWS organisation.
 * 3) Identity and federated access management using AWS SSO.
 * 4) Centralised log archive using AWS cloudtrail and AWS config.
 * 5) Cross account audit using AWS IAM and AWS SSO.
 * 6) End user account provision using service catalog.
 * 7) Centralised monitoring and notifications using AWS cloudwatch and AWS SNS.
 * 1) AWS SSO provides a default directory for identity.
 * 2) AWS SSO enables federated access management across all accounts in your organisation.
 * 3) Preconfigured groups (eg. AWS control tower administrator. Auditors. AWS service catalog end users).
 * 4) Preconfigured permission sets (e.g admin, read-only, write).
 * 5) Option to integrate with your managed or on-premises Active directory (AD).
 * 1) Guardrails are preconfigured governance rules for security, compliance and operations.
 * 2) Expressed in simple english to provide abstraction over granular AWS policies.