Step 2a. Review and select your AWS Regions

Be sure you've correctly designated the AWS Region that you select for your home Region. After you've deployed AWS Control Tower, you can't change the home Region.

In this section of the setup process, you can add any additional AWS Regions that you require. You can add more Regions at a later time, if needed, and you can remove Regions from governance.

To select additional AWS Regions to govern

The panel shows you the current Region selections. Open the dropdown menu to see a list of additional Regions available for governance.
Check the box next to each Region to bring into governance by AWS Control Tower. Your home Region selection is not editable.

To deny access to certain Regions

To deny access to AWS resources and workloads in certain AWS Regions, select Enabled in the section for the Region deny control. By default, the setting for this control is Not enabled.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 2. Configure and launch your landing zone

Step 2b. Configure your organizational units (OUs)