AWS Control Tower
What it is
AWS Control Tower is AWS's governance service on top of AWS Organizations — a higher-level UX for setting up and managing secure, multi-account AWS environments ("landing zones") with opinionated guardrails, pre-baked SCPs, and centralized identity via IAM Identity Center.
The sovereign-partition gap
A sharp constraint named in the failover-design post:
"AWS Control Tower can't directly manage AWS GovCloud (US) or AWS European Sovereign Cloud accounts." (Source: sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty)
In the post's prescribed topology: "Security controls should be tailored per partition using distinct Service Control Policies (SCPs), with AWS Control Tower managing the commercial side."
Meaning:
- On the standard partition, Control Tower is the recommended governance / landing-zone tool.
- On sovereign partitions (GovCloud, European Sovereign Cloud), Control Tower is unavailable; SCPs and OU topology must be applied via direct Organizations automation reusing the same templates.
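An added example (not from the source post or from AWS) of what "reusing the same templates" can look like: one SCP template is rendered per partition, and each result is checked before it is handed to the Organizations `create_policy` call. The role name, policy name and the `${Partition}` placeholder are hypothetical, and the `aws-eusc` partition ID is an assumption.

```python
import json

# Partition IDs as they appear in ARNs. "aws" and "aws-us-gov" are the
# commercial and GovCloud (US) IDs; "aws-eusc" is assumed for the
# European Sovereign Cloud.
PARTITIONS = {"commercial": "aws", "govcloud": "aws-us-gov", "eusc": "aws-eusc"}
SCP_MAX_CHARS = 5120  # Organizations size quota for one SCP document

# Constructed template; the role name is hypothetical.
SCP_TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProtectAuditRole",
        "Effect": "Deny",
        "Action": ["iam:DeleteRole", "iam:UpdateAssumeRolePolicy"],
        "Resource": "arn:${Partition}:iam::*:role/org-audit",
    }],
}

def render_scp(template, partition):
    """Bind one shared template to a partition and validate the result."""
    text = json.dumps(template, separators=(",", ":"))
    text = text.replace("${Partition}", partition)
    if "${" in text:
        raise ValueError("unresolved placeholder in SCP template")
    if len(text) > SCP_MAX_CHARS:
        raise ValueError("rendered SCP exceeds the size quota")
    # An ARN hard-coded for another partition never matches in this one,
    # so the statement would silently protect nothing.
    for other in PARTITIONS.values():
        if other != partition and f"arn:{other}:" in text:
            raise ValueError(f"{partition} policy contains an arn:{other}: ARN")
    return text

def build_plan(template, name):
    """Return create_policy keyword arguments for each partition's organization."""
    return {
        label: {
            "Name": name,
            "Description": f"{name} rendered for partition {partition}",
            "Type": "SERVICE_CONTROL_POLICY",
            "Content": render_scp(template, partition),
        }
        for label, partition in PARTITIONS.items()
    }

if __name__ == "__main__":
    for label, kwargs in build_plan(SCP_TEMPLATE, "protect-audit-role").items():
        # With boto3: organizations_client.create_policy(**kwargs), using
        # credentials for that partition's own management account.
        print(label, kwargs["Content"])
```
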
Stub page
Seen in
- sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty — names Control Tower as commercial-side governance substrate and names the management gap for GovCloud / European Sovereign Cloud.