Are you struggling to scale cloud migrations and create multi-account AWS environments from scratch? Would you like to quickly create secure new accounts? You can do this with AWS best practices for monitoring and governance in less than 30 minutes.
If that sounds impossible, it really isn’t.
AWS Landing Zone helps you automate the creation of pre-configured, secure, multi-account cloud environments based on AWS best practices. It's how you can scale AWS to your enterprise efficiently, in a repeatable manner, with central control and monitoring.
Typically, the creation of new accounts involves answering key questions. Do you need a shared services account, along with a Master Billing Account? How can you get log data out of other accounts into your logging account? What are the best practices to set up user accounts, permissions, and cross-account permissions? What about integration with Active Directory? Can you ensure all this follows AWS best practices and the Well-Architected Framework?
With so many different considerations, teams usually create accounts with their own unique setup. That takes a long time to get started.
AWS Landing Zone Solution provides:
- Active Directory integration
- Logging account where other accounts feed their log data
- Automated setup of CloudTrail across accounts
- Shared Services account for GitHub, Bastion, and Active Directory services
- Security accounts for auditors and break glass
- Enables adding as many pre-configured accounts as you need over time (sandbox, dev, test, production, and more)
Five reasons why AWS Landing Zone is your best bet for scaling cloud migrations:
1. MULTI-ACCOUNT APPROACH
AWS Landing Zone helps customers move quickly to set up a secure, multi-account AWS environment based on AWS best practices. You can save time by automating the setup of an environment for running secure and scalable workloads. Implement an initial security baseline through the creation of core accounts and resources, as you set up.
2. INTEGRATED DEVOPS
AWS Landing Zone can be integrated with your internal GitLab. This allows you to continuously push changes into Dev and promote them to production environments. You can set up Slack alerts and notifications on the pipeline process and automate security governance for account creation too.
3. AUTOMATED ACCOUNT PROVISIONING
Landing Zone lets you quickly set up new AWS accounts following AWS best practices for security, monitoring, and governance. Without it, completing the various configurations for new accounts would take weeks to set up and validate.
4. SECURITY ENFORCEMENT AT THE GLOBAL AND ACCOUNT LEVEL
Identity and Access Management (IAM): AWS Landing Zone provides access/secret key rotation enforcement every 90 days, with multi-factor authentication (MFA) for all local users.
Logging: The ability to leverage a central S3 bucket for CloudTrail and Config logs.
Service Control Policies (SCP): By utilizing AWS Landing Zone, you can ensure that local password policies are not modified, and CloudTrail logs are not deleted or stopped.
Security, Monitoring, and Alerting: Set up notifications for Security Group, console sign-in failures, root logins, and costly EC2 instance types.
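The guardrails named under Service Control Policies above can be expressed as an SCP like the following. This is an added illustration, not the policy that AWS Landing Zone ships; the exempted role name `ExamplePlaceholderLandingZoneAdmin` is a hypothetical placeholder for whatever administrative role your organization uses.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCloudTrailStopOrDelete",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/ExamplePlaceholderLandingZoneAdmin"
        }
      }
    },
    {
      "Sid": "DenyPasswordPolicyChanges",
      "Effect": "Deny",
      "Action": [
        "iam:UpdateAccountPasswordPolicy",
        "iam:DeleteAccountPasswordPolicy"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/ExamplePlaceholderLandingZoneAdmin"
        }
      }
    }
  ]
}
```

An SCP only sets the maximum permissions for member accounts; it does not grant anything, and it does not apply to the organization's management account.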
How do we govern a multi-account environment with automation? AWS Config lets us automatically enable and configure rules and aggregate dashboards. This helps highlight non-compliant/compliant resources.
AWS Landing Zone is automatically configured to receive alerts on non-compliant resources. It includes an option to remediate non-compliant resources using AWS CloudWatch and Lambda.
Netenrich can help you get the best out of AWS Landing Zone, to scale cloud migrations for your business. Get in touch to find out how you can streamline accounts, enhance transparency and manageability of deployments.