Amazon Control Tower
AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment based on best practices. It establishes a landing zone with pre-configured governance and guardrails, enabling organizations to maintain compliance and manage accounts at scale. With over 750 preconfigured controls, it automates account creation, OU registration, and compliance enforcement across the entire AWS organization.
APIs
AWS Control Tower API
The AWS Control Tower API provides programmatic access to manage landing zones, organizational units, accounts, controls (guardrails), and baselines within your AWS environment,...
Collections
AWS Control Tower API
POSTMANArazzo Workflows
AWS Control Tower Create Landing Zone and Confirm
Create a landing zone, poll the async operation to completion, then read back the landing zone details.
ARAZZOAWS Control Tower Disable Control and Confirm
Disable a control on an organizational unit and poll the async operation until it completes.
ARAZZOAWS Control Tower Enable Baseline and Confirm
Apply a baseline to a target, poll the async operation to completion, then read back the enabled baseline.
ARAZZOAWS Control Tower Enable Control and Confirm
Enable a control on an organizational unit, poll the async operation to completion, then read back the enabled control.
ARAZZOAWS Control Tower Update Enabled Baseline and Confirm
Upgrade an enabled baseline to a new version, poll the async operation, then read back its details.
ARAZZOAWS Control Tower Update Enabled Control and Confirm
Reconfigure an already enabled control, poll the async operation, then read back the updated control.
ARAZZOAWS Control Tower Update Landing Zone and Confirm
Update a landing zone's version or manifest, poll the async operation, then read back its details.
ARAZZOPricing Plans
Rate Limits
FinOps
Amazon Control Tower Finops
FINOPSFeatures
Create, configure, update, reset, and delete AWS Control Tower landing zones programmatically via API, automating multi-account environment setup.
Over 750 preconfigured controls (guardrails) covering security, operations, and compliance. Enable or disable controls on organizational units via API.
Apply and manage baselines on organizational units (OUs) to register them with AWS Control Tower and enforce standard configurations programmatically.
Automate creation of AWS accounts with built-in governance, policies, and security controls through integration with AWS Organizations.
Deploy preventive, detective, and proactive controls to enforce compliance standards including CIS, NIST, PCI-DSS, HIPAA, and SOC 2.
Centralized audit logging to Amazon S3 and AWS CloudTrail integration for full visibility into API calls and governance actions.
Seamlessly integrate third-party security, compliance, and ITSM tools at scale to enhance your AWS multi-account environment.
Use Cases
Quickly set up a secure, well-architected multi-account AWS environment with landing zone configuration completed in under 30 minutes.
Deploy preconfigured controls to enforce regulatory compliance standards such as PCI-DSS, HIPAA, NIST, and SOC 2 across all accounts.
Automate provisioning of new AWS accounts with built-in security policies, IAM roles, and governance configurations using Account Factory.
Programmatically register organizational units with Control Tower baselines and apply targeted controls for department-specific governance.
Continuously monitor compliance posture across all accounts and receive alerts when controls are violated or drift is detected.