Service Differences Documentation References

How AWS Control Tower differs in AWS European Sovereign Cloud

This topic describes the functionality of AWS Control Tower in the AWS European Sovereign Cloud Region.

AWS Control Tower is a service that enables you to enforce and manage governance rules for security, operations, and compliance at scale across all your organizations and accounts in the AWS Cloud.

Service Differences

The following differences apply to AWS Control Tower in AWS European Sovereign Cloud:

API Permissions

The following permissions are not available in this partition:

controltower:DescribeManagedAccount
controltower:DescribeManagedOrganizationalUnit
controltower:ListManagedOrganizationalUnits
controltower:ListManagedAccounts
controltower:ManageOrganizationalUnit
controltower:DescribeRegisterOrganizationalUnitOperation
controltower:DescribeGuardrailForTarget
controltower:ListGuardrailsForTarget
controltower:DisableGuardrail
controltower:EnableGuardrail
controltower:DeregisterOrganizationalUnit
controltower:SetupLandingZone
controltower:PerformPreLaunchChecks
controltower:GetLandingZoneStatus
controltower:DescribeLandingZoneConfiguration
controltower:GetAvailableUpdates
controltower:GetLandingZoneDriftStatus
controltower:GetHomeRegion
controltower:DescribeGuardrail
controltower:ListGuardrails

Use the following permissions instead:

controltower:GetEnabledBaseline
controltower:ListEnabledBaselines
controltower:ResetEnabledBaseline
controltower:UpdateLandingZone
controltower:GetBaselineOperation
controltower:GetEnabledControl
controltower:ListEnabledControls
controltower:ResetLandingZone
controltower:GetLandingZoneOperation
controltower:CreateLandingZone
controltower:DeleteLandingZone
controltower:EnableControl
controltower:DisableBaseline
controltower:EnableBaseline
controltower:ListLandingZoneOperations
controltower:GetLandingZone
controltower:ListLandingZones
controltower:UpdateEnabledBaseline
controlcatalog:GetControl
controlcatalog:ListControls

Controls

Resource control policy (RCP) controls are not available.
Declarative controls are not available.

Account Provisioning and Customization

AWS Control Tower Account Factory for Terraform (AFT) is not available.
Customizations for AWS Control Tower (CfCT) is not available.
Account Factory Customization (AFC) is not available.
AWS Control Tower does not create an AWS Service Catalog Account Factory Portfolio and Product.

Landing Zone

The Landing Zone integration with IAM Identity Center is not available.
The Landing Zone integration with AWS Backup is not available.

Baselines

IdentityCenterBaseline is not available due to the lack of IAM Identity Center integration.
The following baselines are not available due to the lack of AWS Backup integration:
- BackupCentralVaultBaseline
- BackupAdminBaseline
- BackupBaseline

Documentation References

AWS Control Tower documentation
AWS Developer Tools in AWS European Sovereign Cloud
Service endpoints for AWS European Sovereign Cloud

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Amazon Cognito

Amazon Managed Service for Apache Flink