Get Started with AWS Control Tower

You probably started out small in the cloud—dipping your toes in by provisioning the minimal number of accounts. But as your business grew, you suddenly found yourself with the task of manually creating multiple accounts—all of which required appropriate security, compliance, and cost permissions.

Now that CloudCheckr has partnered with AWS Control Tower, you can deploy multiple credentialed accounts quickly—eliminating the overhead of onboarding and allowing you to reap your return on investment much sooner.

Review the Frequently Asked Questions (FAQs) to learn more about what the integration between CloudCheckr CMx and AWS Control Tower can do for you.


Frequently Asked Questions

Click each text box to view the answers to the questions:

Control Tower is an AWS service intended for organizations with multiple accounts who are looking for the easiest way to set up their new AWS environment and govern at scale.

By leveraging Control Tower, cloud administrators can ensure that their AWS environments are compliant with established policies and provision their new AWS accounts—with just a few clicks of a button.

The integration between CloudCheckr CMx and Control Tower extends Control Tower's functionality, so that customers who created new AWS accounts using Control Tower can also quickly onboard those accounts in CloudCheckr CMx.

When you create a new account in AWS using Control Tower, a Lambda function gets triggered, which automatically creates and credentials an associated account in CloudCheckr CMx.

For more details, see our Implementation Guide in the AWS Marketplace.

The service is free.

Before you can use this feature, you must:

  • deploy AWS Control Tower in the AWS Console
  • be a CloudCheckr CMx customer
  • have an admin or other appropriate role in AWS and CloudCheckr CMx that will allow you to create and provision new accounts
  • configure the integration using the Implementation Guide found in the AWS Marketplace

Enterprises and Managed Service Providers (MSPs) who must provision many accounts, teams, and departments and use AWS as their sole cloud provider, will benefit from this integration.

In addition, the integration reduces the workload of CloudCheckr's Onboarding team as it allows them to set up new accounts in CloudCheckr CMx automatically.

This integration is meant for net new customers, so it won't benefit:

  • current customers who have already set up CloudCheckr CMx for all of their accounts
  • new or current customers who aren't growing and don't have plans to scale their cloud business or add new accounts
  • new or current customers who don't use AWS as a cloud provider

The integration only allows you to create and credential accounts—you will need a separate process to configure account details such as account users, groups, notifications, and billing preferences.

If you are an MSP using multiple cloud providers, you can only use Control Tower for your AWS accounts. For other cloud providers, you will have to rely on a different onboarding process, which could result in credentialing inconsistencies.

AWS immediately and automatically creates an account in CloudCheckr CMx.

In most cases, the CloudCheckr CMx and Control Tower integration will be a one-time setup.

Follow these steps:

  1. Launch CloudCheckr CMx.
  2. Type Account Hierarchy in the Search bar to access the Account Hierarchy page.
  3. Under View By On the Accounts tab, click List to switch to List view.
  4. Search for the new account you just created using Control Tower.
  5. In the row of your new account, verify that Credentials column displays a green check mark:

How did we do?