AWS Landing Zone Accelerator - Part 6: Security

Welcome back to our deep dive into the AWS Landing Zone Accelerator (LZA)!

In the previous five parts of this series, we’ve covered a lot of ground:

• Part 1: Introduced the LZA and its benefits for building a well-managed AWS environment
• Part 2: Walked through setting up your AWS Organization and creating new accounts
• Part 3: Explored the LZA’s global settings for standardized configurations across your AWS organization
• Part 4: Delved into the LZA’s network configuration, establishing a secure and scalable network foundation
• Part 5: Tackled Identity and Access Management (IAM), including setting up IAM Identity Center, break-glass access, and temporary elevated access.

In this sixth installment, we’ll shift our focus to a critical aspect of any well-architected cloud environment: Security. We’ll explore how the LZA helps you establish a secure baseline for your AWS workloads, but we’ll also go beyond the LZA’s default security configuration. I’ll explain the rationale behind some of our decisions to use custom solutions instead of relying solely on the LZA’s native security features, giving you a deeper understanding of how to tailor your security posture to your specific needs. Get ready to dive into the world of security best practices and learn how to fortify your AWS environment!

AWS Landing Zone Accelerator - Part 5: Identity & Access Management

Welcome back to our ongoing exploration of the AWS Landing Zone Accelerator (LZA)!

We’ve made some solid headway together. As you’ll recall, in Part 1, we kicked things off by introducing the LZA and highlighting its key benefits for building a robust and well-managed AWS environment. We then rolled up our sleeves in Part 2, walking through the essential steps of setting up your AWS Organization and creating those all-important new accounts. In Part 3, we delved into the LZA’s global settings, learning how to establish standardized configurations across your entire AWS organization, ensuring consistency and streamlined management. And as we just covered in Part 4, we’ve recently taken a detour into the foundational networking capabilities.

AWS Landing Zone Accelerator - Part 4: Networking

Welcome back to my deep dive into the AWS Landing Zone Accelerator (LZA)!

We’ve made some good progress. In Part 1, we introduced the LZA and its benefits for building a well-managed AWS environment. Part 2 walked through setting up your AWS Organisation and creating new accounts. Then, in Part 3, we explored the LZA’s global settings, which allow for standardised configurations across your entire AWS organisation, ensuring consistency and simplified management.

Now, I’m going to shift our focus to a critical aspect of any AWS environment: networking. This part of the series will delve into the network configurations provided by the LZA, exploring how it helps you establish a secure, scalable, and well-structured network foundation for your AWS workloads.

AWS Landing Zone Accelerator - Part 3: Configuring Global Settings for Your Organization

Welcome back to my deep dive into the AWS Landing Zone Accelerator (LZA)!

We’ve made some good progress so far. In Part 1, we introduced the LZA and explained how it can help you build a well-managed AWS environment. In Part 2, we got hands-on and learned how to set up your AWS Organization and create new accounts.

Now, in Part 3, we’re going to take a broader perspective and explore the global settings that the LZA provides. These settings let you establish standardised configurations across your entire AWS organization, ensuring consistency and simplifying management.

AWS Landing Zone Accelerator - Part 2: Organizational Units and Account Configuration

In Part 1 of our AWS Landing Zone Accelerator (LZA) series, we introduced the LZA and its benefits. Now, we’ll explore configuring OUs and other essential organizational settings, along with the process of creating AWS accounts within your LZA environment.

Prerequisites

Before we begin, ensure you have the following:

• Access to the AWS Management account with the necessary permissions to modify the LZA setup.
• Permissions to update the LZA configuration, including editing files in the aws-accelerator-config repository.
• A brand-new email address for the new AWS account you’ll be creating.
• Git access to download and upload LZA configuration files.
• AWS Command Line Interface (CLI) installed and configured on your computer.
• The required permissions in Microsoft Entra ID to create and manage groups, and connect them to AWS IAM Identity Center for access control.

Important Note: I’m assuming you’ve already set up the LZA in your AWS environment by following the official guide: https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/step-1.-launch-the-stack.html. This means you’ve got the basic LZA structure in place.

AWS Landing Zone Accelerator - Part 1: Introduction & Overview

Migrating to the cloud can feel like a giant leap into the unknown. Where do you even begin? How can you ensure your cloud environment is secure, scalable, and compliant from the get-go? The AWS Landing Zone Accelerator (LZA) is your trusted launchpad for a smooth and successful cloud journey.

What is the LZA?

Think of the LZA as an open-source blueprint provided by AWS for building a well-architected, multi-account AWS environment. It’s more than just a template; it’s a framework encompassing pre-configured security controls, network configurations, and account structures, forming a robust foundation for your cloud deployments. The LZA leverages Infrastructure as Code (IaC) principles, primarily using AWS CloudFormation, to automate the deployment and configuration of these foundational components.

re:Invent 2024: My Top Takeaways From a Whirlwind Week in Vegas!

Wow, what a week! Just got back from AWS re:Invent 2024 and my head is still spinning from all the announcements. Thousands of sessions, incredible keynotes, and enough new services and features to make your head spin. But re:Invent is more than just tech – it’s about the people! This year was extra special because I got to connect with so many amazing folks in the AWS community.

Community Vibes (and SWAG!)

Huge shoutout to Jason Dunn for organizing the AWS Community Builders meetup at Buddy V’s! It was fantastic catching up with fellow builders, sharing experiences, and geeking out over all the new announcements. And the swag was top-notch! Big thanks to the Community Builders program for hooking us up.