AWS – AWS Control Tower supports automatic enrollment of accounts
AWS Control Tower customers can now simply move their accounts to an Organizational Unit (OU) to enroll them under AWS Control Tower governance. This feature helps customers maintain consistency across their AWS environment and simplifies the account creation and enrollment processes. When enrolled, member accounts receive best practice configurations, controls, and baseline resources required for AWS Control Tower governance.
Customers are no longer required to manually update accounts or re-register OUs when migrating accounts or making changes to their OU structure. When an account is moved to a new OU, AWS Control Tower automatically enrolls the account, applying the baseline configurations and controls from the new OU and removing those from the original OU. With this feature, customers can further simplify their new account provisioning workflows by creating an account and then moving it into the right OU using the AWS Organizations console or the CreateAccount and MoveAccount APIs.
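The create-then-move workflow described above, as an added example that is not AWS's own code. It assumes boto3 with management-account credentials, auto-enrollment already switched on, and a target OU that is registered with AWS Control Tower; the helper name `create_and_place_account` is hypothetical.

```python
import sys
import time


def create_and_place_account(org, email, name, target_ou_id,
                             poll_seconds=5, max_polls=60):
    """Create a member account and move it into target_ou_id.

    org is an AWS Organizations client, e.g. boto3.client("organizations").
    Hypothetical helper name; with auto-enrollment on, the move is what
    places the account under the target OU's Control Tower baseline.
    """
    status = org.create_account(Email=email, AccountName=name)["CreateAccountStatus"]
    # CreateAccount is asynchronous: poll until it leaves IN_PROGRESS.
    for _ in range(max_polls):
        if status["State"] != "IN_PROGRESS":
            break
        time.sleep(poll_seconds)
        status = org.describe_create_account_status(
            CreateAccountRequestId=status["Id"])["CreateAccountStatus"]
    if status["State"] != "SUCCEEDED":
        reason = status.get("FailureReason", "still in progress after polling")
        raise RuntimeError(f"account creation {status['State']}: {reason}")
    account_id = status["AccountId"]

    # MoveAccount requires the current parent (the root for a new account).
    source_id = org.list_parents(ChildId=account_id)["Parents"][0]["Id"]
    if source_id != target_ou_id:
        org.move_account(AccountId=account_id, SourceParentId=source_id,
                         DestinationParentId=target_ou_id)

    # Confirm placement: an account left at the root is outside the OU's controls.
    parent_id = org.list_parents(ChildId=account_id)["Parents"][0]["Id"]
    if parent_id != target_ou_id:
        raise RuntimeError(f"{account_id} is under {parent_id}, not {target_ou_id}")
    return account_id


if __name__ == "__main__" and len(sys.argv) == 4:
    import boto3  # assumption: boto3 installed, management-account credentials
    # usage: script.py <email> <account-name> <target-ou-id>
    print(create_and_place_account(boto3.client("organizations"), *sys.argv[1:4]))
```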
Customers on landing zone version 3.1 and higher can opt in to this feature by toggling the automatically enroll accounts flag in their Landing Zone settings, or by using the CreateLandingZone or UpdateLandingZone APIs and setting the value of the RemediationTypes parameter to Inheritance_Drift. To learn more about this functionality, review "Move and enroll accounts with auto-enrollment". For a list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.
