- Newest
- Most votes
- Most comments
Hi Vole Niagara
From the note, I understand you've enabled AWS Control Tower in a personal development account in order to learn the platform and prepare for AWS exams. Since you have to pay for this, you are very conscious of any unreasonable costs. You noticing right away that Control Tower has enabled more than 20 guard rails and is driving up AWS Config costs. How do you nip this in the bud. Please correct me if my understanding is wrong.
You can delete the account but you will have to pay what you owe. Can enroll a new account and manage Guardrails from AWS Control. Please check pricing for Control Tower[1]. AWS Config works based on resource changes/updates/creation then evaluation costs. if you are being billed for Config, then you need to stop recording or adjust what is being recorded. Please note only certain guardrail types can be managed from within Control Tower[2]. Mandatory guard rails are automatically applied to member accounts and can only be detached buy modifying the SCP policies in the AWS Organizations Root account. This action will cause that needs to be remediated, even if the guard rail is reattached later. You can reduce costs on how to manage control Tower in multiple account[3].
I hope the above information is helpful.
References:
1.https://aws.amazon.com/controltower/pricing/ 2.https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/ 3.https://aws.amazon.com/blogs/apn/reducing-the-cost-of-managing-multiple-aws-accounts-using-aws-control-tower/#:~:text=Managing%20AWS%20Control%20Tower%20Costs
Relevant content
- asked 10 months ago
- asked 7 months ago
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
I ended up having to decommission Control Tower [1] in my personal accounts because attempts to turn off AWS Config caused all SSO account to become broken and unusable. Overall, my experience with Control Tower was not good, and I recommended to my management that we not use this service for our enterprise accounts.