AWS Control Tower and Control Catalog APIs now come with AWS PrivateLink support, allowing you to invoke AWS Control Tower and Control Catalog APIs from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported services and resources, and your on-premises networks, without exposing your traffic to the public internet.
AWS Control Tower simplifies managing a secure, compliant multi-account environment within an AWS Organization. Customers enable AWS services like Config, CloudTrail, and Identity Center with AWS-recommended configurations through Control Tower, ensuring that all accounts in each Organizational Unit (OU) adhere to the same baseline defined by the IT administrator. Applications running inside these accounts are governed via managed controls deployed through the Control Catalog in Control Tower, ensuring compliance with business requirements and regulatory policies on an ongoing basis.
AWS PrivateLink support for AWS Control Tower is available in all AWS Regions where AWS Control Tower is available. For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table. You can start deploying AWS Control Tower from the console or using AWS Control Tower APIs.
Source: Amazon AWS