Skip to main content
Skip table of contents

AWS Control Tower Security Controls

The AWS Control Tower Security Controls Service module establishes a framework to facilitate security best practices and compliance. Utilizing predefined guardrails, this module provides both preventive and detective controls for consistent application of security measures.
Preventive Controls: automatically prevent configurations that could lead to security vulnerabilities, such as public access to S3 buckets, internet access for RDS instances, and the lack of MFA for root accounts.
Detective Controls: continuously monitor and alert on potential security issues, including unencrypted EC2 instances, non-compliant IAM user settings, and suspicious root user activity.
The above security controls are categorized into mandatory, strongly recommended, and elective guardrails, providing flexibility to tailor the security posture to specific organizational needs. This module includes a setup of AWS Control Tower Security Controls.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close