Last updated April 6, 2020
For organizations looking to quickly establish a secure and scalable multiple-account AWS environment, the task may appear overwhelming – at least at first glance.
Creating this type of environment requires a substantial investment in time and resources: answering plenty of questions, making tough design decisions, configuring multiple accounts and services and having a deep understanding of AWS services. All told, a DIY project it is not.
But if your organization is looking to realize the benefits of a secure and scalable multi-account AWS environment, fear not. AWS offers AWS Landing Zone, a nifty solution that promises to speed up and streamline the process in a way that is consistent with AWS best practices.
Prepare for Landing
For medium- to large-size organizations, the benefits of creating a multi-account cloud structure are well established. Multiple accounts offer the highest level of resource and billing isolation, enabling multiple teams, projects, business units, products or users to securely use computing resources in the ways that work best for them.
AWS Landing Zone offers a complete set of tools and templates to help you establish a multi-account AWS environment, deploy new resources and control your various accounts from a single, centralized location.
The default solution includes four core accounts – AWS Organizations, Shared Services, Log Archive, and Security – which provide the multi-account architecture plus security and governance controls and network settings right out of the box.
Combined, these capabilities offer the baseline horsepower your organization needs to get started on your multi-account journey. From there, it’s a matter of customizing to your business requirements, and AWS Landing Zone provides plenty of functionality to ease that process as well.
A Solution that Makes Sense
For organizations that are considering a large-scale cloud migration, AWS Landing Zone makes plenty of sense for many reasons, ranging from simplified setup to scalability to enhanced security and governance practices.
- Less hassle for large-scale migrations – Among the biggest benefits of deploying Landing Zone is perhaps the most obvious: It helps streamline an otherwise arduous task. As noted, establishing a multi-account structure from the ground up is complex and time-consuming, full of design decisions, configuration needs, security, and compliance requirements and required deep knowledge of AWS. By offering a ready baseline environment, Landing Zone removes much of this heavy lifting from the initial deployment process, creating a smoother path toward multi-account deployment.
- Plenty of space for growth – It goes without saying that one of the key reasons for moving to a multiple account environment is to drive business growth. You can easily scale up your initial AWS Landing Zone environment based on your business requirements using a feature known as the AWS Account Vending Machine. It resides in the AWS Organizations account and enables you to easily create and automatically configure a virtually unlimited number of accounts, all templated and preconfigured with security guardrails. You can also add additional products through Landing Zone Add-Ons and automated resource baselining.
Tighter security and better governance
Moving to a multiple account environment using an AWS Landing Zone enables you to exert greater control over security and better enforce governance best practices. This is particularly critical for organizations that face stringent regulations or compliance mandates such as HIPAA, GDP, SOC 2 or others. AWS Landing Zone includes an initial security baseline that serves as a starting point for establishing and implementing customized account security protocols for all accounts.
While it’s possible for an organization to manage many multiple workloads within a single account, it isn’t recognized as an AWS best practice. With a multiple account structure, each account represents a discrete unit of protection and isolation. Your organization can isolate accounts based on different security profiles or compliance control requirements. Plus, individual account users can more easily manage their own resources while knowing they’re still adhering to company-mandated security and compliance standards.
We’ll Help You Make a Smooth Landing
As you can probably imagine, AWS Landing Zone is a complex solution, and deploying and configuring it requires a high level of AWS experience. This is why AWS makes it available only through select partners. As an AWS Advanced Consulting Partner, Connectria has the deep AWS knowledge and expertise to offer AWS Landing Zone. Our dedicated cloud experts have the know-how and experience to deploy, configure and manage AWS Landing Zone and integrate it into your existing IT process.
But is AWS Landing Zone right for your organization? There’s only one way to find out. Contact us today! Our cloud consultants will examine your business situation, help you sort through your options and determine if AWS Landing Zone is the ideal solution for your organization.