Are you struggling to create multi-account AWS environments from scratch? Would you like to quickly create new accounts that are secure and built with AWS best practices, monitoring, and governance in less than 30 minutes?
If that sounds impossible, it really isn’t.
AWS Landing Zone helps you automate the creation of pre-configured, secure, multi-account cloud environments based on AWS best practices. It’s how you can scale AWS to your enterprise efficiently: in a repeatable manner with central control and monitoring.
Typically, the creation of new accounts involves answering some key questions. Do you need a shared services account, along with a Master Billing Account? How can you get log data out of other accounts into your logging account? How do you set up user accounts, permissions, and cross-account permissions? How do you integrate with Active Directory? How do you ensure all this follows AWS best practices and the Well-Architected Framework?
With so many different considerations, teams usually create accounts with their own unique setup, which takes a long time to get working.
AWS Landing Zone Solution provides:
- Active Directory integration
- Logging account to which other accounts feed their log data
- Automated setup of CloudTrail across accounts
- Shared Services account for GitHub, Bastion, and Active Directory services
- A security account for auditors and break glass
- The ability to add as many pre-configured accounts as you need over time (sandbox, dev, test, production, and more)
Here are 5 reasons why AWS Landing Zone is your best bet for scaling cloud migrations:
1. Multi-account Approach
AWS Landing Zone helps customers move quickly to set up a secure, multi-account AWS environment based on AWS best practices. You can save time by automating the setup of an environment for running secure and scalable workloads while implementing an initial security baseline through the creation of core accounts and resources.
2. Integrated DevOps
AWS Landing Zone can be integrated with your internal GitLab to continuously push changes into Dev and then promote them to production environments. We can also set up Slack alerts and notifications on the pipeline process while automating security and governance for account creation.
3. Automated Account Provisioning
Landing Zone makes it easy to quickly set up new AWS accounts with AWS best practices, security, monitoring, and governance built in. Without it, completing the various configurations for new accounts would take weeks to set up and validate.
4. Security Enforcement at the Global and Account Level
Identity and Access Management (IAM): AWS Landing Zone provides Access/Secret key rotation enforcement every 90 days while enabling multi-factor authentication (MFA) for all local users.
Logging: AWS Landing Zone lets you use a central S3 bucket for CloudTrail and Config logs.
Service Control Policies (SCP): By utilizing AWS Landing Zone, you can ensure that local password policies are not modified and CloudTrail logs are not deleted or stopped.
Security, Monitoring and Alerting: Set up notifications for Security Group, console sign-in failures, root logins, and costly EC2 instance types.
How do we govern a multi-account environment with automation? With AWS Config, we can automatically enable and configure rules and aggregate dashboards, which help highlight compliant and non-compliant resources.
AWS Landing Zone is automatically configured to receive alerts on non-compliant resources. We can also go one step further and build an option to remediate non-compliant resources using Amazon CloudWatch and AWS Lambda.
If you need help in streamlining accounts, enhancing transparency and manageability of deployments, contact us today.