That the traditional system are facing
Why a Landing Zone?
An environment allowing for iteration and extension over time
A configured, secure, scalable, multi-account AWS environment based on best practices
A starting point for new development, experimentation and customers' aplication migration journey
challenges to build a landing zone
Accounts and Services
Require a Deep Understanding
of AWS Services
AWS Landing Zone Solution
to help you!
AWS LANDING ZONE SOLuTION
An automated, easy-to-deploy solution to help you quickly set up new AWS environments and get started with running secure and scalable workloads on AWS.
The AWS Landing Zone solution deploys an AWS Account Vending Machine (AVM) product for provisioning and automatically configuring new accounts. This solution includes four accounts, and add-on products that can be deployed using the AWS Service Catalog.
This account, with the ability to create and financially administer member accounts, is used to manage configuration and access to AWS Landing Zone managed accounts.
The Shared Services account is a reference for creating infrastructure shared services such as directory services.
The Log Archive account contains a central Amazon S3 bucket for storing copies of all AWS CloudTrail and AWS Config log files in a log archive account.
The Security account creates auditor (read-only) and administrator (full-access) cross-account roles from a Security account to all AWS Landing Zone managed accounts to audit or perform emergency security operations in case of an incident. This account is also designated as the master Amazon GuardDuty account.