BCS 450 Lecture Notes - Identity Management, Superuser, Network Architecture
Document Summary
Aws control tower is a managed service provided by aws. When you need a pre-packaged environment solution right away, you may utilize aws control tower for prescriptive guidance and a fully managed environment. The service creates a landing zone based on multi-account best practices, centralizes identity and access management, and establishes pre-configured security and compliance governance rules. Aws control tower automates the setup of a new landing zone using best practices, blueprints for identity, federated access, and account structure. Guardrails are high-level rules that provide ongoing governance for your overall aws environment. Preventive guardrails are implemented using service control policies (scps), which are a part of aws organizations. Detective guardrails are implemented using aws config rules and aws lambda functions. You have the option of creating your own bespoke landing zone solution. In this situation, you must set up a baseline environment before you can begin with identity and access management, governance, data security, network architecture, and logging.