Today, we are announcing new functionality in AWS Control Tower to align AWS Control Tower with recent updates to the AWS Foundational Security Best Practices. As new best practices and controls are identified and developed, it is periodically necessary for AWS Control Tower to add functionality to ensure that your AWS accounts and workloads are in alignment. The new functionality in this release includes support for lifecycle policy and access logging for the access log bucket as well as adding a dead letter queue for Lambda functions. Additionally, this release updates AWS Control Tower to use AWS Config’s Service Linked Role to setup and manage Config rules to match AWS Config best practices. This change will streamline the AWS Control Tower KMS configuration process for encrypting Config data and improve the related status messaging in CloudTrail.
Source:: Amazon AWS