Launching into the Cloud with Confidence: The AWS Landing Zone Accelerator - Part 1

2024-12-22 3 min read Walkthroughs Adam Divall

Migrating to the cloud can feel like a daunting leap. Where do you even begin? How do you ensure your cloud environment is secure, scalable, and compliant right from the start? Enter the AWS Landing Zone Accelerator (LZA), your trusty launchpad for a smooth and successful cloud journey.

What is the LZA?

The LZA is an open-source solution provided by AWS that helps you quickly build and deploy a well-architected multi-account AWS environment. Think of it as a blueprint for your cloud foundation, complete with pre-configured security controls, network configurations, and account structures.

GitHub - Nested CloudFormation StacksSets Pipeline

GitHub - VPC Flowlogs and Dashboards

GitHub - AWS Tagging Policies

GitHub - Amazon VPC IP Address Manager

Customising AWS Control Tower with Account Factory Customisations

2022-12-30 6 min read Walkthroughs Adam Divall

At AWS re:Invent this year Account Factory Customisations was released. This post will walk you through how to configure and use the new functionality as in my opinion the documentation isn’t particularly clear as to how things work and there were also issues with the implementation steps when I first implemented it.

Use Case

For my specific situation that I’m utilising this for I want to deploy a VPC that leverages the Amazon VPC IP Address Manager (IPAM) for obtaining an IP CIDR Range since I don’t want to have to manually enter one each time and run the risk of overlapping address space. As part of my pre-requisties I’ve already written some automation using CloudFormation to not only setup VPC IPAM for delegated administration in my Organization, but I’ve also set up VPC IPAM so that I have seperate IPAM Pools for different regions and also different environments within those regions. This post won’t go into the details of the automation or the details of the CloudFormation Template that I’ll deploy either but how the Solution ultimately works.

Customising AWS Control Tower with CfCT

2022-09-22 9 min read Walkthroughs Adam Divall

If you missed the previous posts on Deploying a Landing Zone with AWS Control Tower or you’ve not had much experience with the service, I’d recommend going back through and reading those firstly before continuing.

In this post, I’m going to walkthrough how you can start customising Control Tower using the Security Reference Architecture (SRA). The SRA utilises Customisations for Control Tower (CfCT) which deploys a DevOps pipeline that works with CloudFormation templates and Control Tower lifecycle events.

Older posts