AWS Landing Zone

October 1, 2018

One of the key areas involved in cloud adoption is your governance strategy around AWS account management. While AWS Organizations is a key tool in that space, the recently announced AWS Landing Zone provides an entire management system to create and manage tens, hundreds, or thousands of AWS accounts, including self-services features for new account automation. Webb InfoTech Solutions LLC highly recommends that our clients consider using AWS Landing Zone (either out of the box, or with customizations for their specific organization).

From the AWS Landing Zone site:

“AWS Landing Zone is a solution that helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices. With the large number of design choices, setting up a multi-account environment can take a significant amount of time, involve the configuration of multiple accounts and services, and require a deep understanding of AWS services.

This solution can help save time by automating the set-up of an environment for running secure and scalable workloads while implementing an initial security baseline through the creation of core accounts and resources. It also provides a baseline environment to get started with a multi-account architecture, identity and access management, governance, data security, network design, and logging.

The AWS Landing Zone solution deploys an AWS Account Vending Machine (AVM) product for provisioning and automatically configuring new accounts. The AVM leverages AWS Single Sign-On (SSO) for managing user account access. This environment is customizable to allow customers to implement their own account baselines through a Landing Zone configuration and update pipeline.

This solution is delivered by AWS Solutions Architects or Professional Services consultants to create a customized baseline of AWS accounts, networks, and security policies.”