AWS Landing Zone


That the traditional system are facing

Difficulty in Accounts and Payment Management due to the limitation of mornitoring tools.

Struggle in managing the resources of all accounts (Networking, Logs, Security....)

Why a Landing Zone?

An environment allowing for iteration and extension over time
A configured, secure, scalable, multi-account AWS environment based on best practices
A starting point for new development, experimentation and customers' aplication migration journey

challenges to build a landing zone

Design Decisions

Configure Multiple
Accounts and Services

Require a Deep Understanding
of AWS Services

Security Baseline

we bring
AWS Landing Zone Solution
to help you!


An automated, easy-to-deploy solution to help you quickly set up new AWS environments and get started with running secure and scalable workloads on AWS. 

The AWS Landing Zone solution deploys an AWS Account Vending Machine (AVM) product for provisioning and automatically configuring new accounts. This solution includes four accounts, and add-on products that can be deployed using the AWS Service Catalog.

This account, with the ability to create and financially administer member accounts, is used to manage configuration and access to AWS Landing Zone managed accounts. 

The Shared Services account is a reference for creating infrastructure shared services such as directory services.

The Log Archive account contains a central Amazon S3 bucket for storing copies of all AWS CloudTrail and AWS Config log files in a log archive account.

The Security account creates auditor (read-only) and administrator (full-access) cross-account roles from a Security account to all AWS Landing Zone managed accounts to audit or perform emergency security operations in case of an incident. This account is also designated as the master Amazon GuardDuty account.

Multi-account Structure

What will you get?

Automation in setting and managing all accounts within organization.

Systemize architectures and process following AWS best practices such as Basic Security Guideline, VPC/Network design.

Apply DevOps best practices: Infrastructure-as-Code with the use of codified templates and continuous delivery.

Provide Single Sign-On mechanism and centralize access rights management.

Take advantage of volume discount if total billing of all accounts reaches the discount tier.

special offers

Free consulting and deployment services by OSAM certified experts

Get 50% discount on total services bill for 10 first customers

Are you ready to Get Started?

Copyright © 2018 - OSAM. All Rights Reserved.