Hi Vole Niagara

From the note, I understand you've enabled AWS Control Tower in a personal development account in order to learn the platform and prepare for AWS exams. Since you have to pay for this, you are very conscious of any unreasonable costs. You noticing right away that Control Tower has enabled more than 20 guard rails and is driving up AWS Config costs. How do you nip this in the bud. Please correct me if my understanding is wrong.

You can delete the account but you will have to pay what you owe. Can enroll a new account and manage Guardrails from AWS Control. Please check pricing for Control Tower[1]. AWS Config works based on resource changes/updates/creation then evaluation costs. if you are being billed for Config, then you need to stop recording or adjust what is being recorded. Please note only certain guardrail types can be managed from within Control Tower[2]. Mandatory guard rails are automatically applied to member accounts and can only be detached buy modifying the SCP policies in the AWS Organizations Root account. This action will cause that needs to be remediated, even if the guard rail is reattached later. You can reduce costs on how to manage control Tower in multiple account[3].

I hope the above information is helpful.

References:

1.https://aws.amazon.com/controltower/pricing/ 2.https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/ 3.https://aws.amazon.com/blogs/apn/reducing-the-cost-of-managing-multiple-aws-accounts-using-aws-control-tower/#:~:text=Managing%20AWS%20Control%20Tower%20Costs