All news with #aws control tower tag
Mon, November 10, 2025
AWS Control Tower adds automatic account enrollment
🔁 AWS Control Tower customers can now automatically enroll member accounts simply by moving them into an Organizational Unit (OU). When an account is moved, Control Tower applies the destination OU's baseline configurations and controls and removes the originals from the prior OU, eliminating the need for manual re-registration. This streamlines provisioning by allowing accounts to be created and then placed in the correct OU using the AWS Organizations console or the CreateAccount and MoveAccount APIs. Customers on landing zone version 3.1+ can opt in by toggling the automatically enroll accounts flag or by setting RemediationTypes to Inheritance_Drift in the CreateLandingZone or UpdateLandingZone APIs.
Wed, October 29, 2025
AWS Control Tower Now Available in Asia Pacific (NZ)
🚀 AWS Control Tower is now available in the AWS Asia Pacific (New Zealand) Region, bringing the service to 34 AWS Regions plus the AWS GovCloud (US) Regions. The service simplifies setup and governance of a secure, multi-account AWS environment, enabling a landing zone in 30 minutes or less and centralized visibility into compliance status. Existing customers can extend governance to the new region via the Control Tower settings by selecting regions and updating their landing zone; once applied, governed accounts, managed accounts, and registered organizational units (OUs) will be managed in the new region.
Tue, October 21, 2025
Digital Sovereignty Sessions at AWS re:Invent 2025 Guide
📘 The AWS re:Invent 2025 attendee guide highlights the conference's digital sovereignty program, detailing sessions, workshops, and code talks focused on data residency, hybrid and edge deployments, and sovereign infrastructure. Key topics include the AWS European Sovereign Cloud, AWS Outposts, Local Zones, and security features such as the Nitro System. Practical workshops and chalk talks demonstrate RAG, agentic AI, and low-latency SLM deployments with operational controls and compliance patterns. Reserve seating via the attendee portal or access sessions with the free virtual pass.
Tue, September 23, 2025
Defense-in-Depth: Building an AWS Control Framework
🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.
Thu, September 4, 2025
AWS CloudFormation Hooks Adds Managed Proactive Controls
🔔 AWS CloudFormation Hooks now supports managed proactive controls, allowing teams to validate resource configurations against AWS best practices without writing custom Hook logic. Customers can select controls from the AWS Control Tower Controls Catalog and apply them during CloudFormation operations, and can run them in warn mode for nonblocking evaluation before enforcing policies. A new Hooks Invocation Summary page provides a centralized historical view of control executions and outcomes to simplify compliance reporting and troubleshooting.
Tue, September 2, 2025
AWS Control Tower Adds IPv6 Support Across Regions
🌐 AWS Control Tower and the Control Catalog APIs now accept IPv6 addresses through dual‑stack public endpoints, enabling connections over IPv6, IPv4, or both. The existing IPv4-only endpoints remain available for backwards compatibility. Support is available in all Regions where Control Tower and Control Catalog are offered, helping reduce overlapping address space in Amazon VPCs as IPv6 adoption grows. Customers should consult AWS guidance and the IPv6 on AWS whitepaper for configuration and best practices.