
Have you ever tried to create a set of AWS accounts from scratch?

This has typically been long, hard work. There are a multitude of different considerations. You’ll need a Master Billing Account, of course, but what about some form of shared services account? Do you need a logging account? If so, how do you get log data out of the other accounts into this account? How do you set up the cross-account permissions? How do you set up the user accounts and permissions? How do you integrate that with Active Directory? How do you ensure that this all follows the Well-Architected Framework? The list goes on and on.

With all these different considerations, every team creates its own flavour of account setup, which takes a significant amount of time to get working and stable. It’s a perfect example of the kind of undifferentiated heavy lifting that the cloud is supposed to relieve engineering teams of.

AWS Landing Zone

Now, however, AWS has a turnkey solution to automate the creation of a pre-configured, secure, multi-account cloud environment based on AWS best practice.

AWS Landing Zone is a set of scripts with which you can automatically create a secure and scalable platform that handles authentication, centralised logging, and centralised security.

It includes:

  • Active Directory integration
  • A Shared Services account for things like Bastion, GitHub, and Active Directory services
  • A security account for auditors and breakglass
  • A logging account that all other accounts feed their log data to
  • Automated setup of CloudTrail in all accounts
  • Restrictions to ensure that users cannot disable logging
  • The ability to add as many other accounts as you need over time (sandbox, dev, test, production, etc.), all pre-configured as above

The AWS Landing Zone provides the foundation for a smooth enterprise cloud migration.

How AWS Landing Zone Accelerates Enterprise Cloud Adoption

1. Move to the cloud quicker

AWS Landing Zone means that you can now create a cluster of interconnected and structured secure accounts with minimal fuss, saving time and accelerating your migration.

2. Easily stay secure and compliant

The solution itself is a set of CloudFormation templates: effectively an account-as-code. This means that basic security, governance and compliance requirements are automatically embedded into the Landing Zone accounts.

3. Scalable and flexible

The Landing Zone provides a consistent underlying platform. This gives you a known structure to build on top of, which makes it easier to reuse code and to scale, extend and iterate your cloud platform over time. Again, this makes life easier for you, allowing you to spend more time doing differentiating work, rather than non-differentiating heavy lifting.

Conclusion

The Landing Zone is a ready-made starting point for migration to the cloud, as well as for innovation and experimentation. Ultimately, it helps you respond to your customers’ needs more effectively.

This service is free. You can get access to the AWS Landing Zone templates and explore the details of the service here.

  • Stuart Slade

    Principal Consultant