Governance at Scale: Intro to AWS Landing Zone Accelerator

Landing Zone Accelerator Architecture
Landing Zone Accelerator Architecture

In my previous blogs, I have discussed AWS Landing Zone and its evolution. I also talked about the AWS Control Tower service, which streamlined the deployment and management of the AWS Landing Zone solution for multi-account AWS environments. I explained that by utilizing Control Tower Lifecycle events, you can extend the governance capabilities of AWS Control Tower. Customers must write custom solutions based on their use case, which is time-consuming. Furthermore, performing proper testing and validation before updating the foundational services is essential when AWS launches new services and capabilities, leading to increased compliance roll-out time. Some customers had limited operational budgets and were unwilling to allocate funds to build foundational service automation.

AWS introduced the Landing Zone Accelerator solution to address these challenges to accelerate the scale and speed of deploying governance (industry standards) with confidence in enterprise-grade multi-account AWS environments. The solution speeds up the process and provides additional benefits like scalability and resilience to governance footprint.

What is AWS Landing Zone Accelerator (LZA) on AWS?

🌟 The Landing Zone Accelerator on AWS accelerates implementation of security controls and infrastructure foundation. 🔒

 

Landing Zone Accelerator Architecture
Landing Zone Accelerator on AWS
 
The Landing Zone Accelerator (LZA) on AWS  is an open source software solution that accelerates the implementation of customer’s technical security controls and infrastructure foundation.

Landing Zone Accelerator (LZA) on AWS is built using the Cloud Development Kit (CDK) deployment engine that is designed to adhere to the standards of AWS best practices and global compliance frameworks like NIST 800-53, NIST 800-171, ITAR, ACSC Essential 8, ACSC ISM, and CMMC. AWS highly recommends that its customers deploy AWS Control Tower as the foundational landing zone for their organization’s workloads and applications, later enhancing their landing zone capabilities with Landing Zone Accelerator. In this solution, the configuration files are separated from the deployment engine, meaning you only need to manage the configurations, making it highly scalable. LZA’s solution spans 35+ AWS services to manage and govern multi-account environments supporting highly regulated workloads and complex compliance requirements.

Landing Zone Accelerator benefits (What you get out of it?)

Landing Zone Accelerator Benefits
Landing Zone Accelerator Benefits

Data Security & Flexibility

To ensure the safety of sensitive information, you can deploy the solution in an AWS Region that aligns with your data classification requirements. Amazon Macie can be used to quickly identify any sensitive data that may be present in your Amazon S3 buckets. Additionally, AWS KMS can be utilized to manage your encryption strategy centrally, making it easier to deploy, operate, and govern. In addition, the solution allows integration with other management tools like Security Hub, GuardDuty, and Macie to streamline your security strategy. Using this solution, you can address the unique governance needs of each customer.

Automation by leveraging AWS expertise

With the help of next-generation framework using the Cloud Development Kit (CDK) based, Landing Zone Accelerator engine, you can effortlessly create a secure cloud environment perfect for hosting your workloads. This solution will help you consistently maintain operations and governance across all regions. It even works for non-standard partitions (or regions) in AWS.

Customer resources focus on learning to ‘operate’ in the cloud

Organizations can save valuable resources and time by using the Landing Zone Accelerator to establish a complaint and improve security posture. This way, they can avoid building and maintaining complex infrastructure and code. With the Landing Zone Accelerator Solution handling governance complexities, customers can focus on what they do best – driving innovation and growth.

Accelerate

It is widely known in highly regulated industries that building a solid foundational environment can take three to 18 months or even longer. This is due to the complexities of obtaining ATOs (Authority to Operate), which involves proving compliance with the security controls. However, this process can be accomplished in days or even minutes with the Landing Zone Accelerator solution. Here are some success stories from satisfied customers who have benefited from this solution.

Innovate through open source model

The AWS Landing Zone Accelerator (LZA) solution is designed to help you integrate security and compliance into your workloads as you grow. It uses CodeBuild to orchestrate each action after the Source stage, running a CDK application that deploys CloudFormation stacks across AWS accounts and Regions.  This approach saves time and effort, ensures consistency, and reduces the risk of errors and misconfigurations.

Foundation for compliance

Over time, the LZA solution may undergo changes or updates while your business requirements and environments evolve. You may also need more controls and capabilities to enhance governance and security posture. The solution (code engine and configuration separation) is designed so that even after a few years, you can use the exact repeatable mechanisms to perform all the required tasks without re-engineering an entirely new system.

Nothing come for free (How Much Will Solution Really Cost?)

Customers are responsible for the cost of the AWS services used while running this solution. As of this revision, the cost for running this solution using the Landing Zone Accelerator on AWS best practices configuration with AWS Control Tower in the US East (N. Virginia) Region within a non-critical sandbox environment with no activity or workloads is approximately $430.22 (USD) each month.

AWS recommends creating a budget through AWS Cost Explorer to help manage costs. Prices are subject to change. For full details, refer to the pricing webpage for each AWS service used in this solution.

The Landing Zone Accelerator on AWS solution may entail a certain cost, but the benefits that come along with it are invaluable. By adopting this solution, you can ensure that your workloads comply with industry standards, which can significantly reduce the time and resources needed to obtain ATO (Authority to Operate) certifications. Additionally, this solution eliminates spending valuable time and effort building a cloud foundation from scratch. This frees up your time to focus on what you do best while the solution takes care of the governance at scale.

Wrap Up!

In conclusion, the Landing Zone Accelerator on AWS offers an invaluable advantage by enabling fast provisioning of new environments tailored to specific governance requirements, all while saving precious time and resources. Its thoughtful design, distinguished by separating code and configuration, ensures long-lasting efficiency. Even in the years to come, you can count on the exact, reliable, repeatable mechanisms to execute essential tasks without needing a complete system revamp. This solution represents a strategic and cost-effective investment, promising substantial savings in time, resources, and finances while empowering you to focus on what truly matters.

(Visited 131 times, 1 visits today)