Control surface · AWS Landing Zone Accelerator

AWS Control Tower,
finally under control.

Read every account, role, SCP and drift. Propose any change as a reviewed pull request. Run a full cross-org account migration end to end — without ever opening the AWS console.

Read-only by default · Every change is a pull request · The human owns the merge
The old way

A landing zone is governed by code. Operating it by hand is the bottleneck.

AWS Control Tower and Landing Zone Accelerator put your whole org into YAML — then leave you to edit it by hand, across seven files, behind a maze of consoles.

Without Controlled Tower

  • Hand-edit accounts-config, iam-config, security-config… and hope the schema is right.
  • Click through the AWS console across Organizations, IAM, Identity Center, Control Tower.
  • Catch mistakes only after a 45–90 min pipeline run fails.
  • Audit drift and readiness by hand, account by account.
  • Run a cross-org migration off a bespoke 90-day runbook.

With Controlled Tower

  • Fill a form. It writes valid YAML and opens the pull request for you.
  • One control surface reads it all, cross-account, read-only.
  • Validates before the pipeline — schema errors caught up front.
  • Drift, readiness and SCP slots on demand, in one click.
  • The migration runbook is the app: inventory → move → baseline → enroll.
One control surface

See everything. Propose anything. Touch nothing without your merge.

01 · SEE

Live state, read-only

Accounts, OUs, roles, groups, SCP slots, declared-vs-live drift, account readiness, and the live pipeline, all read cross-account through an assumed least-privilege role.

02 · PROPOSE

Every change is a PR

New accounts, access grants, migrations — each renders the exact YAML diff, dry-runs first, then opens a feature-branch pull request. Append-only guardrails, fully audited.

03 · MERGE

The human owns the gate

Controlled Tower never merges and never starts the pipeline. You review the branch, you merge to main, and the Accelerator pipeline does the rest.

All the controls, a few screens

Every governance and migration task, in one console.

Switch modes, pick a control, see what it does. This is the whole surface.

controlledtower.io
Full functionality

Everything it does.

ACCOUNT LIFECYCLE

Vend, manage, close

Stand up workload accounts and retire them — safely and by the book.

  • New account with justification + caps
  • Assign existing roles & groups
  • Unassign / remove with guardrails
  • Guided closure checklist + dry-run
ACCESS

Identity & tenant access

Map who gets what, across accounts, declaratively.

  • LZA-provisioned roles & groups
  • SCIM group → permission set → accounts
  • Grant a tenant dev + prod in one step
  • Append-only, never edits in place
ASSURANCE

Drift, readiness, SCP

Prove the zone is what the config says it is.

  • Declared-vs-live drift detection
  • Post-provision readiness checks
  • SCP slots per OU (5-limit aware)
  • Undeclared-account flagging
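What the three assurance checks above amount to, as an added example that is not Controlled Tower's own code: it takes the parsed account list from accounts-config.yaml and the serviceControlPolicies from organization-config.yaml, compares them with a snapshot of what AWS Organizations reports, and flags moved, missing and undeclared accounts plus any OU whose declared SCPs would exceed the five-per-target quota. Every account, email, OU path and SCP name below is constructed; the check assumes the default FullAWSAccess policy stays attached and therefore occupies one of the five slots.

```python
from collections import defaultdict
SCP_LIMIT = 5  # AWS Organizations quota: at most 5 SCPs attached to one OU or account
# Constructed: accounts-config.yaml as parsed, reduced to the keys the check needs.
ACCOUNTS_CONFIG = {
    "mandatoryAccounts": [
        {"name": "Management", "email": "mgmt@example.com", "organizationalUnit": "Root"},
        {"name": "Audit", "email": "audit@example.com", "organizationalUnit": "Security"},
    ],
    "workloadAccounts": [
        {"name": "tenant-a-dev", "email": "a-dev@example.com", "organizationalUnit": "Workloads/Dev"},
        {"name": "tenant-a-prod", "email": "a-prod@example.com", "organizationalUnit": "Workloads/Prod"},
    ],
}
# Constructed: serviceControlPolicies from organization-config.yaml (name -> target OUs).
SCP_CONFIG = [
    {"name": "DenyLeaveOrg", "deploymentTargets": {"organizationalUnits": ["Workloads/Dev", "Workloads/Prod"]}},
    {"name": "DenyRootUser", "deploymentTargets": {"organizationalUnits": ["Workloads/Prod"]}},
    {"name": "RegionRestrict", "deploymentTargets": {"organizationalUnits": ["Workloads/Prod"]}},
    {"name": "DenyIamUsers", "deploymentTargets": {"organizationalUnits": ["Workloads/Prod"]}},
    {"name": "DenyPublicS3", "deploymentTargets": {"organizationalUnits": ["Workloads/Prod"]}},
]
# Constructed live snapshot (root email -> OU path), as an Organizations inventory would return it.
LIVE_ACCOUNTS = {
    "mgmt@example.com": "Root",
    "a-dev@example.com": "Workloads/Dev",
    "a-prod@example.com": "Workloads/Sandbox",  # moved by hand in the console: drift
    "rogue@example.com": "Workloads/Dev",       # created outside the config: undeclared
}                                               # audit@ is declared but absent: missing

def declared_accounts(cfg):
    """Flatten mandatory + workload accounts into email -> declared OU (email is the stable key)."""
    return {a["email"]: a["organizationalUnit"]
            for key in ("mandatoryAccounts", "workloadAccounts") for a in cfg.get(key, [])}

def account_drift(cfg, live):
    """Declared-vs-live: accounts in the wrong OU, declared but absent, or live but undeclared."""
    declared = declared_accounts(cfg)
    return {
        "moved": sorted((e, ou, live[e]) for e, ou in declared.items() if e in live and live[e] != ou),
        "missing": sorted(e for e in declared if e not in live),
        "undeclared": sorted(e for e in live if e not in declared),
    }

def scp_slots(scp_cfg, limit=SCP_LIMIT):
    """Slots per OU once the config is applied; FullAWSAccess is assumed attached, so one slot starts used."""
    used = defaultdict(lambda: 1)
    for scp in scp_cfg:
        for ou in scp["deploymentTargets"]["organizationalUnits"]:
            used[ou] += 1
    return {ou: {"used": n, "free": limit - n, "over": n > limit} for ou, n in used.items()}
```

An OU reported as over the limit is exactly the case that would otherwise surface only when the 45–90 minute pipeline run fails at the SCP attach step.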
MIGRATION

Two-org account moves

The cross-org runbook, turned into guided steps.

  • Inventory → Move → Baseline → Enroll
  • FISMA-High baseline controls
  • Control Tower enrollment checks
  • Dry-run every phase first
OPERATIONS

Pipeline & assist

Watch the machine and understand failures.

  • Live Accelerator-Pipeline status
  • Per-stage AI failure analysis
  • Post-migration Security Hub check
  • Email summary of every check
TRUST

Audit & reversibility

Nothing happens off the record.

  • Every apply logged to an audit trail
  • Snapshot + one-click revert
  • Writes off until you flip them on
  • Per-tab built-in help
How it stays safe

Safety in the machine. The human owns the merge.

Controlled Tower writes to a feature branch and stops. It never merges, and it never starts the pipeline — your merge to main is the only release gesture.

  • 01 · Propose: form → exact YAML diff, dry-run (Dashboard)
  • 02 · Branch: feature branch + commit in Git (Dashboard)
  • 03 · Merge: you review & merge to main (You · the gate)
  • 04 · Pipeline: Accelerator pipeline runs (AWS · automatic)
  • 05 · Live: provisioned & governed (AWS)
Time saved

The pipeline still takes 45–90 minutes. Your people don't have to.

The machine time is fixed. What Controlled Tower gives back is the human time around it: schema-hunting, console-clicking, hand-auditing, and runbook-wrangling.

The savings calculator takes human minutes saved per task against four manual baselines, each with an editable volume:

  • vs hand-editing YAML + PR
  • vs Identity Center by hand
  • vs manual account-by-account auditing
  • vs bespoke runbook execution

It totals the result as hours of human effort given back per month, hours per year and approximate work-weeks per year. Pipeline time saved: none, same machine.

Volumes & per-task minutes are editable estimates — tune them to your org. The fixed anchors are sourced from AWS: pipeline runs of 45–90 min and cross-org migrations needing a ~90-day assessment and staged runbook.

Built for regulated orgs

Compliance-grade by construction.

BASELINE

FISMA-High

SCPs, Config, Security Hub, GuardDuty, EBS & S3 controls applied on enroll.

EVIDENCE

Full audit trail

Every apply recorded, with snapshots and one-click revert.

LEAST PRIV

Read-scoped access

Cross-account reads via a single least-privilege role; writes gated off by default.

GITOPS

Reviewed change

No change reaches AWS without a pull request a human merged.

Controlled Tower

Bring your landing zone under controlled tower.

One deck for every account, role, guardrail and migration — safe by construction, reviewed by a human, audited end to end.

Get in touch

Put your landing zone on one deck.

Tell us what you're running and we'll get you a walkthrough of Controlled Tower against your own org.

No obligation · We reply within a day