By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

LZA and Control Tower

0

Why is it recommended to use AWS Control Tower for LZA, What extra benefits do you get from it? Thank you in advance for your help an guidance.

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS Control TowerAWS OrganizationsAWS Account Management
Language
English
seyed
asked a year ago1069 views
2 Answers
0
Accepted Answer

hi,

AWS Control Tower offers you the capability to build and manage a multi account environment. It's a collection of

  1. Landing Zone
  2. Guardrails
  3. Account Factory for automating account provisioning

You have a dashboard to monitor and control your LZ's and accounts. It provides blueprints with the best practices which we can pick for our landing zone and that significantly reduces the time on LZ creation. The difference lies with the prebuilt templates, guardrails and is designed to provide an easy, self-service setup experience and an interactive user interface.

Please refer this on why AWS Control Tower here: https://d1.awsstatic.com/events/aws-reinforce-2022/GRC374_Automate-governance-of-environments-with-AWS-Control-Tower.pdf

Thanks Arun

AWS
Arun
answered a year ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
  • seyed
    a year ago

    Thank you Arun

0

In order to deploy LZA (Landing Zone Accelerator) you must have wither AWS Control Tower or AWS Organizations enabled. You can see the pre-requisite here.

In terms of he benefits using LZA will have more features then using Control Tower alone and that is why it is recommended to deploy on top of Control Tower. LZA provides a comprehensive no-code solution across 35+ AWS services and gives you the automation to deploy SCP policies, complex network setup's with TGW and VPC creation, security controls with GuardDuty and SecurityHub and even add your own customized Cloudformation scripts on top of LZA natively. You can view the architecture diagram of what gets deployed here.

if your organization has fewer accounts and less complexities it is recommended that you start with AWS Control Tower so it will be easier to manage and lower cost. If you require an enterprise level governance for your organization then would make sense to deploy LZA on top of it.

AWS
debbie
answered a year ago
  • seyed
    a year ago

    Hi there AWS-User-9543277, had a follow up question to your answer hope you can help. You mentioned "add your own customized Cloudformation scripts on top of LZA natively", could you elaborate and explain if these customised CF scripts can be within LZA solution as supplied by AWS or should theybe outside the LZA solution. Thank you for your help in advance.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content