Sadegh Nadimi
Setting up a Landing Zone
Introducing an automated solution for setting up AWS environments at scale
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is a Landing Zone?
• A configured, secure, multi-account AWS environment based on
AWS best practices
• A starting point for net new development and experimentation
• A starting point for your application migration journey
• An environment that allows for iteration & extension over time
You Need a Landing Zone That Is…
• meets the organization’s security and auditing requirements
• ready to support highly available and scalable workloads
• configurable to support evolving business requirements
Common Business Outcomes
• focus on what differentiates
• reduce time from ideation to instantiation
• secure and compliant environment
• migrate undifferentiated workloads
• deploy and run at a global scale
And Even Though There is Plenty of Support…
• Professional Services
• Technical Account Managers
• Solutions Architects
• AWS Marketplace
• AWS Partner Ecosystem
Setup Can Still Be Challenging
• Numerous design decisions
• Configuration of multiple accounts and services
• Creation of a security baseline and governance
• 100+ Services
• Documentation
• User Access
Common Design Considerations
Starting at the Beginning: AWS Accounts
Define your AWS account strategy
• Security/Resource Boundary
• API Limits/Throttling
• Billing Separation
But keep in Mind, One Account Is Not Enough
• Multiple Teams
• Isolation
• Security Controls
• Business Process
• Billing
So What Kinds of Accounts Should I Create?
Organizations Master Account
• Security
• Shared Services
• Logging
• Network
• Billing
• Sandbox
• Dev
• Pre-Prod
• Prod
• Other
Define Your Account Security Strategy
• InfoSec’s Cross-Account Roles
• AWS Account Credential Management (“Root Account”)
• Federation
• Baseline Requirements
• Actions & Conditions
• Map Enterprise Roles
• AWS CloudTrail
And Choose Among Multiple VPC Options
• AWS Services in Your VPC
• VPC Endpoints for Amazon S3
• DNS in-VPC with Amazon Route 53
• Logging VPC Traffic with VPC Flow Logs
The Multi-Account Approach
• Orgs: Account management
• Logging: Centralized logs
• Security: AWS Config Rules, security tools
• Shared services: Directory, DNS, limit monitoring
• Billing Tooling: Cost monitoring
• Sandbox: Experiments
• Dev: Development
• Pre-Prod: Staging
• Prod: Production
[Diagram: Core Accounts (AWS Organizations Master, Billing Tooling, Shared Services, Security, Internal Audit, Logging); Developer Accounts (Developer Sandbox); BU/Product/Resource Accounts (Sandbox, Dev, Pre-Prod, Prod); Direct Connect to the Data Center.]
How Can We Make This Easy?
Introducing the AWS Landing Zone Solution BETA
An automated, easy-to-deploy solution implementing collective best practices for
running secure and scalable workloads in AWS
• Automated deployment
• Based on AWS best practices and recommendations
• Foundational security and governance controls
• Baseline accounts and account vending machine
What is the AWS Landing Zone? BETA
The AWS Landing Zone is a baseline AWS environment
that includes the following components:
• AWS Multiple Accounts
• Identity and Access Management
• Network Design
• Data Security
• Centralized Logging
• Governance
AWS Landing Zone Tenets
Designed for scalability. Able to grow and scale with your business.
Prescriptive. Implements prescriptive defaults when creating new accounts.
Flexible. Allows you to modify default configurations or add capabilities.
Easy to deploy. Leverages automation to simplify the experience.
Well-architected “compatible”. Allows you to build well-architected applications.
What You Get with the AWS Landing Zone BETA
Account Management
• A multi-account architecture based on AWS best practices
• An account vending machine which enables automated deployment of new accounts with a set of security baselines
Security & Governance
• Account security baseline with auditing capabilities (CloudTrail & Config)
• Data security baseline with governance checks
• Network security baseline
Logging
• Centralized logging
What You Get with the AWS Landing Zone BETA
Tagging mechanism
• Service Catalog default tags for Admin product launches
• Service Catalog custom tags for end users
Mechanism for separation of duties out of the box
• Multiple accounts and defining cross-account roles allow implementation of separation of duties across all accounts
Enable SSO
• Eliminate IAM account sprawl
AWS Landing Zone Architecture BETA
[Diagram: Landing zone initiation in the “Master” account: AWS Lambda, AWS SSM Parameter Store, AWS Service Catalog (account vending machine), AWS CloudFormation StackSets, AWS Organizations (Core OU), Amazon SNS, no default VPC; baseline stacks: CloudTrail, Config, EBS encryption, CLV2, IAM roles.
Shared Services account: Directory Service, centralized logging (master), IAM roles, EC2 key pair, Amazon VPC, AWS CloudTrail, AWS Config, Config rule (EBS encryption).
Logging account: AWS CloudTrail, AWS Config, Config rule (EBS encryption), centralized logging (spoke), IAM roles, no default VPC, S3 bucket for CloudTrail/Config.
Security account: AWS STS, centralized logging (spoke), Config rule (EBS encryption), no default VPC, Amazon SNS, AWS CloudTrail, AWS Config.]
AWS Landing Zone Vending Machine BETA
[Diagram: In the Master account, an AWS Service Catalog product invokes a Lambda-backed custom resource, which creates the account through AWS Organizations in an existing or new OU and deploys the baseline with AWS CloudFormation StackSets.
New AWS account: AWS CloudTrail stack, AWS Config stack, EBS encryption stack, CLV2 spoke, admin role, read-only role, Amazon VPC (default).
Logging account: Amazon S3 bucket.]
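The baseline the vending machine pushes into every new account is only useful if it stays in place, so an added example (not code from the AWS Landing Zone solution or this deck) below encodes that baseline and checks constructed account snapshots for drift from it; the account IDs, bucket and role names, and the snapshot layout are assumptions made for the example.

```python
"""Drift check against the account-vending security baseline (added example).

Not code from the AWS Landing Zone solution. It encodes the baseline the deck
lists for each vended account (CloudTrail and Config auditing, the EBS encryption
Config rule, delivery to the Logging account's central bucket, no default VPC,
cross-account admin and read-only roles) and evaluates constructed snapshots.
Account IDs, bucket and role names and the snapshot layout are assumptions.
"""
import json

MASTER_ACCOUNT_ID = "111111111111"                   # assumed Organizations master account
CENTRAL_LOG_BUCKET = "lz-central-cloudtrail-config"  # assumed bucket in the Logging account
REQUIRED_ROLES = {"LandingZoneAdminRole", "LandingZoneReadOnlyRole"}  # assumed role names
REQUIRED_CONFIG_RULES = {"ENCRYPTED_VOLUMES"}        # AWS managed rule for EBS encryption


def trusted_accounts(trust_policy: dict) -> set:
    """Return the account IDs (or '*') that an IAM trust policy allows to assume the role."""
    accounts = set()
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for entry in [aws] if isinstance(aws, str) else aws:
            # Accept 'arn:aws:iam::ACCOUNT:root', a bare 12-digit ID, or the wildcard.
            accounts.add(entry.split(":")[4] if entry.startswith("arn:") else entry)
    return accounts


def check_account_baseline(snapshot: dict) -> list:
    """Evaluate one vended account's snapshot; an empty result means it matches the baseline."""
    findings = []

    # Auditing: a logging, multi-region trail with file validation, delivering to the central bucket.
    trails = [t for t in snapshot.get("cloudtrail", [])
              if t["is_multi_region"] and t["is_logging"] and t["s3_bucket"] == CENTRAL_LOG_BUCKET]
    if not trails:
        findings.append("cloudtrail: no multi-region trail delivering to the central logging bucket")
    elif not all(t["log_file_validation"] for t in trails):
        findings.append("cloudtrail: log file validation disabled on the baseline trail")

    # Config: recorder covering all resource types, plus the managed EBS encryption rule.
    cfg = snapshot.get("config", {})
    if not cfg.get("recording_all_resources"):
        findings.append("config: recorder is not recording all resource types")
    for rule in sorted(REQUIRED_CONFIG_RULES - set(cfg.get("rules", []))):
        findings.append(f"config: managed rule {rule} not deployed")

    # Network: the baseline removes the default VPC; one reappearing is drift.
    for vpc in snapshot.get("vpcs", []):
        if vpc["is_default"]:
            findings.append(f"vpc: default VPC {vpc['vpc_id']} present in {vpc['region']}")

    # Cross-account roles: present, and assumable only from the master account.
    roles = snapshot.get("roles", {})
    for name in sorted(REQUIRED_ROLES - set(roles)):
        findings.append(f"iam: required cross-account role {name} is missing")
    for name in sorted(REQUIRED_ROLES & set(roles)):
        extra = trusted_accounts(json.loads(roles[name])) - {MASTER_ACCOUNT_ID}
        if extra:
            findings.append(f"iam: role {name} trusts principals outside the master account: {sorted(extra)}")
    return findings


def make_trust_policy(*account_ids: str) -> str:
    """Constructed trust policy document letting the given accounts assume a role."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": [f"arn:aws:iam::{a}:root" for a in account_ids]}}]})


# Constructed snapshot of a freshly vended account that matches the baseline.
COMPLIANT_ACCOUNT = {
    "account_id": "333333333333",
    "cloudtrail": [{"name": "lz-baseline", "is_multi_region": True, "is_logging": True,
                    "log_file_validation": True, "s3_bucket": CENTRAL_LOG_BUCKET}],
    "config": {"recording_all_resources": True, "rules": ["ENCRYPTED_VOLUMES"]},
    "vpcs": [{"region": "us-east-1", "vpc_id": "vpc-0aaa", "is_default": False}],
    "roles": {"LandingZoneAdminRole": make_trust_policy(MASTER_ACCOUNT_ID),
              "LandingZoneReadOnlyRole": make_trust_policy(MASTER_ACCOUNT_ID)},
}

# Constructed drifted snapshot: validation off, rule deleted, default VPC back, trust widened.
DRIFTED_ACCOUNT = {
    "account_id": "444444444444",
    "cloudtrail": [{"name": "lz-baseline", "is_multi_region": True, "is_logging": True,
                    "log_file_validation": False, "s3_bucket": CENTRAL_LOG_BUCKET}],
    "config": {"recording_all_resources": True, "rules": []},
    "vpcs": [{"region": "us-west-2", "vpc_id": "vpc-0bbb", "is_default": True}],
    "roles": {"LandingZoneAdminRole": make_trust_policy(MASTER_ACCOUNT_ID),
              "LandingZoneReadOnlyRole": make_trust_policy(MASTER_ACCOUNT_ID, "999999999999")},
}

if __name__ == "__main__":
    for account in (COMPLIANT_ACCOUNT, DRIFTED_ACCOUNT):
        print(account["account_id"], check_account_baseline(account) or ["baseline intact"])
```

In a real deployment the snapshot would be assembled from the CloudTrail, Config, EC2 and IAM APIs of each member account, and the findings routed to the Security account's notification topic.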
Benefits of the AWS Automated Landing Zone
• Guardrails NOT Blockers
• Auditable
• Flexible
• Automated
• Scalable
• Self-service
AWS Landing Zone Pricing and Availability
• Monthly charges for deployed resources apply
• No additional charge for the AWS Landing Zone solution
• Available in private beta
Next steps
• Look out for GA release in Q2 2018
• Work with your account team to sign up for beta
• Deploy the solution
• Provide feedback to help prioritize new features
Thank You!

Weitere ähnliche Inhalte

Was ist angesagt?

Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...Amazon Web Services Korea
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
 
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...Amazon Web Services
 
AWS Application Discovery Service
AWS Application Discovery ServiceAWS Application Discovery Service
AWS Application Discovery ServiceAmazon Web Services
 

Was ist angesagt? (20)

Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework
 
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...
고객의 플랫폼/서비스를 개선한 국내 사례 살펴보기 – 장준성 AWS 솔루션즈 아키텍트, 강산아 NDREAM 팀장, 송영호 야놀자 매니저, ...
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
 
What is AWS?
What is AWS?What is AWS?
What is AWS?
 
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019
Module 1: Introduction to the AWS Cloud - AWSome Day Online Conference 2019
 
AWS for Backup and Recovery
AWS for Backup and RecoveryAWS for Backup and Recovery
AWS for Backup and Recovery
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
 
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...
Introducing AWS DataSync - Simplify, automate, and accelerate online data tra...
 
AWS Application Discovery Service
AWS Application Discovery ServiceAWS Application Discovery Service
AWS Application Discovery Service
 

Ähnlich wie Setting Up a Landing Zone

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_SingaporeAWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_SingaporeAmazon Web Services
 
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Amazon Web Services
 
Migrate & Modernize your legacy Microsoft applications with AWS
Migrate & Modernize your legacy Microsoft applications with AWSMigrate & Modernize your legacy Microsoft applications with AWS
Migrate & Modernize your legacy Microsoft applications with AWSAmazon Web Services
 
Cloud Migration Insights Forum, Perth
Cloud Migration Insights Forum, PerthCloud Migration Insights Forum, Perth
Cloud Migration Insights Forum, PerthAmazon Web Services
 
Hybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the PossibleHybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the PossibleTom Laszewski
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management ToolsAmazon Web Services
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
 
ARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleAmazon Web Services
 
Cloud Migration Insights Forum, Sydney
Cloud Migration Insights Forum, SydneyCloud Migration Insights Forum, Sydney
Cloud Migration Insights Forum, SydneyAmazon Web Services
 
Cloud Migration Insights Forum, Melbourne
Cloud Migration Insights Forum, MelbourneCloud Migration Insights Forum, Melbourne
Cloud Migration Insights Forum, MelbourneAmazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...Amazon Web Services
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAmazon Web Services LATAM
 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitAmazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018Amazon Web Services
 

Ähnlich wie Setting Up a Landing Zone (20)

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
 
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_SingaporeAWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
 
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
 
Migrate & Modernize your legacy Microsoft applications with AWS
Migrate & Modernize your legacy Microsoft applications with AWSMigrate & Modernize your legacy Microsoft applications with AWS
Migrate & Modernize your legacy Microsoft applications with AWS
 
Cloud Migration Insights Forum, Perth
Cloud Migration Insights Forum, PerthCloud Migration Insights Forum, Perth
Cloud Migration Insights Forum, Perth
 
Hybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the PossibleHybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the Possible
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
 
ARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at Scale
 
Cloud Migration Insights Forum, Sydney
Cloud Migration Insights Forum, SydneyCloud Migration Insights Forum, Sydney
Cloud Migration Insights Forum, Sydney
 
Cloud Migration Insights Forum, Melbourne
Cloud Migration Insights Forum, MelbourneCloud Migration Insights Forum, Melbourne
Cloud Migration Insights Forum, Melbourne
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...
 
Enterprise Security
Enterprise SecurityEnterprise Security
Enterprise Security
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparada
 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018
Using AWS Lambda as a Security Team (SEC322-R1) - AWS re:Invent 2018
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service

Setting Up a Landing Zone

  • 1. Sadegh Nadimi. Setting up a Landing Zone: introducing an automated solution for setting up AWS environments at scale.
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is a Landing Zone?
    • A configured, secure, multi-account AWS environment based on AWS best practices
    • A starting point for net new development and experimentation
    • A starting point for your application migration journey
    • An environment that allows for iteration & extension over time
  • 3. You Need a Landing Zone That Is…
    • meets the organization’s security and auditing requirements
    • ready to support highly available and scalable workloads
    • configurable to support evolving business requirements
  • 4. Common Business Outcomes
    • focus on what differentiates
    • reduce time from ideation to instantiation
    • secure and compliant environment
    • migrate undifferentiated workloads
    • deploy and run at a global scale
  • 5. And Even Though There is Plenty of Support…
    • Professional Services
    • Technical Account Managers
    • Solutions Architects
    • AWS Marketplace
    • AWS Partner Ecosystem
  • 6. Setup Can Still Be Challenging
    • Numerous design decisions
    • Configuration of multiple accounts and services
    • Creation of a security baseline and governance
    • 100+ services
    • Documentation
    • User access
  • 7. Common Design Considerations
  • 8. Starting at the Beginning: AWS Accounts. Define your AWS account strategy:
    • Security/resource boundary
    • API limits/throttling
    • Billing separation
  • 9. But Keep in Mind, One Account Is Not Enough
    • Multiple teams
    • Isolation
    • Security controls
    • Business process
    • Billing
  • 10. So What Kinds of Accounts Should I Create?
    • Organizations master account
    • Security
    • Logging
    • Network
    • Shared services
    • Billing
    • Sandbox
    • Dev
    • Pre-Prod
    • Prod
    • Other
  • 11. Define Your Account Security Strategy
    • AWS account credential management (“root account”)
    • InfoSec’s cross-account roles
    • Federation
    • Map enterprise roles
    • Baseline requirements
    • Actions & conditions
    • AWS CloudTrail
  • 12. And Choose Among Multiple VPC Options
    • AWS services in your VPC
    • VPC endpoints for Amazon S3
    • DNS in-VPC with Amazon Route 53
    • Logging VPC traffic with VPC Flow Logs
  • 13. The Multi-Account Approach
    • Orgs: account management
    • Logging: centralized logs
    • Security: AWS Config Rules, security tools
    • Shared services: directory, DNS, limit monitoring
    • Billing tooling: cost monitoring
    • Sandbox: experiments
    • Dev: development
    • Pre-Prod: staging
    • Prod: production
    • Diagram labels: Core Accounts (AWS Organizations Master, Billing Tooling, Shared Services, Security, Logging, Internal Audit); Developer Accounts (Developer Sandbox, Dev, Pre-Prod, Prod); BU/Product/Resource Accounts; Direct Connect; Data Center
  • 14. How Can We Make This Easy?
  • 15. Introducing the AWS Landing Zone Solution (Beta). An automated, easy-to-deploy solution implementing collective best practices for running secure and scalable workloads in AWS.
    • Automated deployment
    • Based on AWS best practices and recommendations
    • Foundational security and governance controls
    • Baseline accounts and account vending machine
  • 16. What is the AWS Landing Zone? The AWS Landing Zone is a baseline AWS environment that includes the following components:
    • AWS multiple accounts
    • Identity and access management
    • Network design
    • Data security
    • Centralized logging
    • Governance
  • 17. AWS Landing Zone Tenets
    • Designed for scalability. Able to grow and scale with your business.
    • Prescriptive. Implements prescriptive defaults when creating new accounts.
    • Flexible. Allows you to modify default configurations or add capabilities.
    • Easy to deploy. Leverages automation to simplify the experience.
    • Well-architected “compatible”. Allows you to build well-architected applications.
  • 18. What You Get with the AWS Landing Zone
    • Account management: a multi-account architecture based on AWS best practices; an account vending machine which enables automated deployment of new accounts with a set of security baselines
    • Security & governance: account security baseline with auditing capabilities (CloudTrail & Config); data security baseline with governance checks; network security baseline
    • Logging: centralized logging
  • 19. What You Get with the AWS Landing Zone (continued)
    • Tagging mechanism: Service Catalog default tags for admin product launches; Service Catalog custom tags for end users
    • Mechanism for separation of duties out of the box: multiple accounts and defined cross-account roles allow implementation of separation of duties across all accounts
    • Enable SSO: eliminate IAM account sprawl
  • 20. AWS Landing Zone Architecture (diagram labels)
    • “Master” account, Landing Zone initiation and account vending machine: AWS Lambda, AWS SSM Parameter Store, AWS Service Catalog, AWS CloudFormation StackSets, no default VPC, AWS Organizations, Amazon SNS, Core OU
    • Stacks: CloudTrail, Config, EBS encryption, CLv2, IAM roles; Amazon VPC, AWS CloudTrail, AWS Config, Config rule (EBS encryption)
    • Shared Services account: Directory Service, centralized logging (master), IAM roles, EC2 key pair
    • Logging account: AWS CloudTrail, AWS Config, Config rule (EBS encryption), centralized logging (spoke), IAM roles, no default VPC, S3 bucket for CloudTrail/Config
    • Security account: AWS STS, centralized logging (spoke), Config rule (EBS encryption), no default VPC, Amazon SNS, AWS CloudTrail, AWS Config
  • 21. AWS Landing Zone Vending Machine (diagram labels): Master account, Logging account, new AWS account; AWS CloudTrail stack, AWS Config stack, EBS encryption stack, CLv2 spoke, admin role, Amazon VPC (default), read-only role, Amazon S3 bucket; AWS Service Catalog, Lambda-backed custom resource, AWS Organizations (existing or new OU), AWS CloudFormation StackSets
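Each baseline account in the architecture above carries a "Config rule (EBS encryption)". The following is an added example, not the deck's or the AWS Landing Zone solution's own code: a custom AWS Config rule handler that reports an EBS volume compliant only when it is encrypted, and treats deleted or non-volume resources as not applicable. The event shape follows the AWS Config Lambda rule contract; the resource ids and result token are placeholders.

```python
import json

# Added example, not the Landing Zone solution's own code: a custom AWS Config
# rule handler in the style of the "Config rule (EBS encryption)" the
# architecture slides place in every baseline account.
COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


def evaluate_compliance(item):
    """Return (ComplianceType, annotation) for one Config configuration item."""
    # Deleted or non-volume resources are NOT_APPLICABLE, never failures.
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return NOT_APPLICABLE, "Resource was deleted"
    if item.get("resourceType") != "AWS::EC2::Volume":
        return NOT_APPLICABLE, "Not an EBS volume"
    if (item.get("configuration") or {}).get("encrypted") is True:
        return COMPLIANT, "Volume is encrypted"
    return NON_COMPLIANT, "Volume is not encrypted at rest"


def lambda_handler(event, context=None):
    """Entry point AWS Config invokes on a configuration change."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate_compliance(item)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    # A deployed rule reports the result back to AWS Config with:
    # boto3.client("config").put_evaluations(
    #     Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def sample_event(encrypted, status="OK"):
    """Constructed change-notification event with placeholder ids."""
    item = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": "vol-placeholder",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2018-01-01T00:00:00.000Z",
        "configuration": {"encrypted": encrypted},
    }
    return {"resultToken": "placeholder-token",
            "invokingEvent": json.dumps({"configurationItem": item})}
```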
  • 22. Benefits of the AWS Automated Landing Zone
    • Guardrails, NOT blockers
    • Auditable
    • Flexible
    • Automated
    • Scalable
    • Self-service
  • 23. AWS Landing Zone Pricing and Availability
    • Monthly charges for deployed resources apply
    • No additional charge for the AWS Landing Zone solution
    • Available in private beta
  • 24. Next steps
    • Look out for GA release in Q2 2018
    • Work with your account team to sign up for beta
    • Deploy the solution
    • Provide feedback to help prioritize new features
  • 25. Thank You!