AWS Control Tower is a service that helps you organize multi-account environments by creating a set of guardrails, which are sets of governance rules that specify the default operational and security posture of accounts that are created in this environment. It uses AWS SSO to manage a directory of users, whether this is a self-managed directory or your on-premises Active Directory installation. AWS Organizations and AWS Service Catalog are used to provide an Account Factory to your users so that they can create accounts that automatically comply with your company's best practices.