aws control tower cost of configuration items
I've enabled AWS Control Tower in a personal development account in order to learn the platform and prepare for AWS exams. Since I have to pay for this myself, I am very conscious of any unreasonable costs. I am noticing right away that Control Tower has enabled more than 20 guard rails and is driving up AWS Config costs. How do I nip this in the bud, it's unacceptable for my purposes.
Hi Vole Niagara
From the note, I understand you've enabled AWS Control Tower in a personal development account in order to learn the platform and prepare for AWS exams. Since you have to pay for this, you are very conscious of any unreasonable costs. You noticing right away that Control Tower has enabled more than 20 guard rails and is driving up AWS Config costs. How do you nip this in the bud. Please correct me if my understanding is wrong.
You can delete the account but you will have to pay what you owe. Can enroll a new account and manage Guardrails from AWS Control. Please check pricing for Control Tower. AWS Config works based on resource changes/updates/creation then evaluation costs. if you are being billed for Config, then you need to stop recording or adjust what is being recorded. Please note only certain guardrail types can be managed from within Control Tower. Mandatory guard rails are automatically applied to member accounts and can only be detached buy modifying the SCP policies in the AWS Organizations Root account. This action will cause that needs to be remediated, even if the guard rail is reattached later. You can reduce costs on how to manage control Tower in multiple account.
I hope the above information is helpful.
1.https://aws.amazon.com/controltower/pricing/ 2.https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/ 3.https://aws.amazon.com/blogs/apn/reducing-the-cost-of-managing-multiple-aws-accounts-using-aws-control-tower/#:~:text=Managing%20AWS%20Control%20Tower%20Costs
I ended up having to decommission Control Tower  in my personal accounts because attempts to turn off AWS Config caused all SSO account to become broken and unusable. Overall, my experience with Control Tower was not good, and I recommended to my management that we not use this service for our enterprise accounts.
Enabling AWS Configuration on Control Tower Main Accountasked 6 months ago
Does AWS Control Tower have integrations with the AWS VPC IPAM service?asked 6 months ago
AWS Control Tower - Deployment Errorasked 10 months ago
Issue building Control tower landing zone on a new account - AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try againAccepted Answerasked 5 months ago
Control Tower Cost IncreaseAccepted Answerasked 3 years ago
AWS control tower notification forwarder and python 3.6 EOLAccepted Answerasked 3 months ago
Control Tower dependency to other regions?Accepted Answerasked 2 years ago
AWS Landing Zone to AWS Control Tower Migrationasked 9 days ago
aws control tower cost of configuration itemsasked 18 days ago
Unable to Launch AWS Control towerasked 3 months ago