Today, we are excited to release an improved AWS CloudFormation Hooks management capability for AWS Control Tower proactive controls. With this release, Hooks deployed for proactive controls will now be managed by AWS Control Tower. Additionally, we are releasing proactive controls in AWS Canada West (Calgary) and Asia Pacific (Malaysia) regions. These controls help you meet control objectives such as establish logging and monitoring, encrypt data at rest, or improve resiliency. To see a full list of the proactive controls, see the Controls Reference Guide.
AWS Control Tower’s proactive control capabilities leverage AWS CloudFormation Hooks to identify and block non-compliant resources proactively before AWS CloudFormation provisions them. Previously, proactive control deployed Hooks were protected to ensure only AWS Control Tower can modify them, preventing customers from authoring their own Hooks. With this release, proactive control deployed Hooks are now directly managed by the AWS Control Tower service, allowing customers to author their own Hooks, while also benefiting from the AWS Control Tower proactive controls.
AWS Control Tower’s proactive controls are available in all AWS commercial Regions where AWS Control Tower is available. For a full list of AWS Regions where AWS Control Tower is available, see AWS Region Table. You can start deploying the AWS Control Tower controls from the console or using AWS Control Tower control APIs.
Source:: Amazon AWS