Call now: +49 89 538863-0 Contact: Language:

AWS Control Tower

Building a standardized landing zone with AWS Control Tower

Landing Zone is the name for a scalable and secure AWS multi-account structure designed according to various best practices from the well-architected framework. With its centralized services, this architecture forms the basis for deploying your applications quickly and securely in the AWS cloud. When building a landing zone, technical as well as organizational and procedural issues related to account structure, network, security, and access management must be included. Once implemented, the landing zone allows you to keep track of the security status or cost of your AWS accounts, among other things, while rolling out centralized rule sets. With Account Factory, you can also provision new AWS accounts reliably and quickly according to your standards. The architecture of the landing zone will be regularly adapted to the changing needs and requirements of our customers.

Since 2019, AWS Control Tower has been state-of-the-art, allowing AWS to perform the core tasks of a landing zone at the touch of a button and ensure reliable operation. With the AWS solution “Customizations for Control Tower”, the Control Tower landing zone can be customized and extended to include any service you need, such as AWS Security Hub, a central firewall, or AWS Backup.

A standard landing zone setup includes central billing, billing alerts, logging, security/governance monitoring, and the Account Factory. Common extensions to this setup include centralized VPN/Direct Connect connections in a network account, advanced individual compliance checks, or central backup.

The following figure shows a typical landing zone with its core tasks:

MicrosoftTeams-image (28)
The figure shows a schematic representation of a landing zone architecture. The pink-framed boxes represent AWS accounts, while the orange boxes arranged in a C-shape represent the core accounts with their typically used services. The boxes with a blue background represent the workload or project accounts.

Your benefits


Standardized provisioning of new AWS accounts; centralized logging to ensure compliance and privacy

Centralized governance and control

Security monitoring and central rule sets through service control policies

Simplified operation

AWS provides the Control Tower service at the touch of a button. The landing zone core services are operated by AWS in a fail-safe manner. The Control Tower meets your basic cloud infrastructure requirements.

Full customization capabilities

“Customizations for Control Tower” allow you to individually adapt your landing zone to suit your needs.

Maximum transparency

Both security-relevant findings and costs can be viewed centrally – including by your project teams – so that you can achieve maximum efficiency with the greatest possible security.

You can download more information on AWS Control Tower & Landing Zone here

Sustainable AWS Landing Zone

This one-page overview explains in detail how we can help you set up your own AWS landing zone. We will train your staff and you will receive comprehensive documentation regarding the entire setup.

Accelerated Control Tower Framework

This one-page overview tells you everything you need to know about our 3-day workshop for setting up the AWS Control Tower. Of course, we will answer all your questions and take your individual requirements into account.

Examples of success (excerpt)

AWS Control Tower – Secure Multi-Account Setup at the Push of a Button

For a big data project for Roland Rechtsschutz, Skaylink was able to provide support with their AWS expertise for highly regulated industries.

This might also interest you

No post found

Let’s start the future together

Are you unsure where the digital journey should take you? Our experts will be happy to answer your questions without obligation!

Just fill out the form to the right and we will be in touch with you shortly.