AWS Config Proactive Compliance VS Control Tower Proactive Controls


Hi all,

I've a question regarding the new released features of AWS Control Tower and AWS Config. What is the difference between AWS Control Tower Proactive Controls and AWS Config Proactive Compliance and why should I use one instead of the other ?

and if there is a way to use AWS Config Proactive Compliance with CloudFormation ?


asked a month ago62 views
1 Answer

AWS Control Tower offers the easiest way to set up and govern a secure, multi-account AWS environment. Control Tower make use for AWS Config to detect(reactive) or prevent (proactive) policy violations. If the environment is single AWS account, we can just make use of AWS Config. We can make use of AWS CloudFormation Guard in your deployment pipelines to check for compliance proactively and ensure that a consistent set of policies are applied both before and after resources are provisioned. For more details, refers to blog at:

answered a month ago
  • there are any examples regarding the use of Cloudformation Guards with AWS Config rules in Proactive mode ?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions