AWS Control Tower
Building a standardized landing zone with AWS Control Tower
Landing Zone is the name for a scalable and secure AWS multi-account structure designed according to various best practices from the well-architected framework. With its centralized services, this architecture forms the basis for deploying your applications quickly and securely in the AWS cloud. When building a landing zone, technical as well as organizational and procedural issues related to account structure, network, security, and access management must be included. Once implemented, the landing zone allows you to keep track of the security status or cost of your AWS accounts, among other things, while rolling out centralized rule sets. With Account Factory, you can also provision new AWS accounts reliably and quickly according to your standards. The architecture of the landing zone will be regularly adapted to the changing needs and requirements of our customers.
Since 2019, AWS Control Tower has been state-of-the-art, allowing AWS to perform the core tasks of a landing zone at the touch of a button and ensure reliable operation. With the AWS solution “Customizations for Control Tower”, the Control Tower landing zone can be customized and extended to include any service you need, such as AWS Security Hub, a central firewall, or AWS Backup.
A standard landing zone setup includes central billing, billing alerts, logging, security/governance monitoring, and the Account Factory. Common extensions to this setup include centralized VPN/Direct Connect connections in a network account, advanced individual compliance checks, or central backup.
The following figure shows a typical landing zone with its core tasks:
Your benefits
Speed
Standardized provisioning of new AWS accounts; centralized logging to ensure compliance and privacy
Centralized governance and control
Security monitoring and central rule sets through service control policies
Simplified operation
AWS provides the Control Tower service at the touch of a button. The landing zone core services are operated by AWS in a fail-safe manner. The Control Tower meets your basic cloud infrastructure requirements.
Full customization capabilities
“Customizations for Control Tower” allow you to individually adapt your landing zone to suit your needs.
Maximum transparency
Both security-relevant findings and costs can be viewed centrally – including by your project teams – so that you can achieve maximum efficiency with the greatest possible security.
You can download more information on AWS Control Tower & Landing Zone here
Sustainable AWS Landing Zone
This one-page overview explains in detail how we can help you set up your own AWS landing zone. We will train your staff and you will receive comprehensive documentation regarding the entire setup.
Accelerated Control Tower Framework
This one-page overview tells you everything you need to know about our 3-day workshop for setting up the AWS Control Tower. Of course, we will answer all your questions and take your individual requirements into account.
Examples of success (excerpt)
- Case Studies
AWS Control Tower – Secure Multi-Account Setup at the Push of a Button
This might also interest you
No post found
Let’s start the future together
Are you unsure where the digital journey should take you? Our experts will be happy to answer your questions without obligation!
Just fill out the form to the right and we will be in touch with you shortly.
