SlideShare a Scribd company logo

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

Amazon Web Services
Amazon Web Services

Own Your AWS

1 of 32
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Steve Sofian Solutions Architect, Amazon Web Services AWS Accounts@Scale Using AWS Landing Zone
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session Agenda Defining the Problem Landing Zone Overview Components of a Landing Zone Wrap Up, Next Steps
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Account Security/Resource Boundary API Limits/Throttling Billing Separation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Models One Account 1,000s of Accounts
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why One Isn’t Enough Many Teams Isolation Security Controls Business Process Billing
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multiple Accounts • Complete security and resources isolation • Smaller blast radius • Simplified billing per account Pros • Aggregation/Distribution • Setup and operation overhead • More complex security policies across accounts Cons
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What Problem Are We Solving?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Control What is it that we need?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Goals Guardrails NOT Blockers Auditable Flexible Automated Scalable Self-service
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is a Landing Zone? H • AWS best practices • AWS account structure • Patterns based • Standards defined • Adaptable foundation • Governance guardrails • Automation driven • Versioned infrastructure
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Components of Landing Zone
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security/Resource Boundary Limits Billing Separation AWS Account
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why One Isn’t Enough Many Teams Isolation Security Controls Business Process Billing
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Organizations Organizational Hierarchy Security Policy Billing Visibility Automation Driven
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEV PROD INFOSEC LOG Shared SVC Network Sample Account Structure
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IAM Roles Federation IAM Users Managed Policies KMS Keys Job/Function Based, Cross Account Leverage existing Directory, Map Roles Limit Use, Rotate Keys, Securely Stored, MFA AWS Managed to start, Limit Inline policies CMK Per Service Identity & Access Foundation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multi-AZ Public vs. Private Ingress/ Egress points VPC Design
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network Paths
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Log Analysis CloudWatch Events AWS Config Rules Amazon GuardDuty AWS Config Amazon VPC Flow Logs CloudTrail Data Gathering Analysis / Enforcement Access Logs Continuous Compliance
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Directory Code Repo Monitoring AMI / EC2 Management Common Shared Services
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFormation StackSets Automation & Change Management Service Catalog Pipeline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Next Steps • Engage with your AWS Account Team • Leverage the APN • Check out new the AWS Landing Zone solution • https://aws.amazon.com/answers/aws-landing-zone/
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank You

Recommended

Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018Amazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesTom Laszewski
 
Enterprise Security
Enterprise SecurityEnterprise Security
Enterprise SecurityAmazon Web Services
 
AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models Amazon Web Services
 

Recommended

Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018Amazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesTom Laszewski
 
Enterprise Security
Enterprise SecurityEnterprise Security
Enterprise SecurityAmazon Web Services
 
AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models Amazon Web Services
 
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAleksandr Maklakov
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Amazon Web Services
 
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...Amazon Web Services
 
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
 
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...Amazon Web Services
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Boaz Ziniman
 
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Amazon Web Services
 
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...Amazon Web Services
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveAmazon Web Services
 
Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018Amazon Web Services
 
Enabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdfEnabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdfAmazon Web Services
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessAmazon Web Services
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Amazon Web Services
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAmazon Web Services LATAM
 
Landing Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparadaLanding Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparadaAmazon Web Services LATAM
 

More Related Content

What's hot

Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Amazon Web Services
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Amazon Web Services
 
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...Amazon Web Services
 
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
 
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...Amazon Web Services
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Boaz Ziniman
 
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Amazon Web Services
 
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...Amazon Web Services
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveAmazon Web Services
 
Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018Amazon Web Services
 
Enabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdfEnabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdfAmazon Web Services
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessAmazon Web Services
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Amazon Web Services
 

What's hot (20)

Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
 
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
 
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...
 
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
 
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
MassMutual Goes Cloud First with Hybrid Cloud on AWS (ENT210) - AWS re:Invent...
 
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
Starting your Cloud Transformation Journey - Tel Aviv Summit 2018
 
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
 
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica Hive
 
Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018Build your Cloud Solution for Success - Tel Aviv Summit 2018
Build your Cloud Solution for Success - Tel Aviv Summit 2018
 
Enabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdfEnabling Compliance with GDPR on AWS.pdf
Enabling Compliance with GDPR on AWS.pdf
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Building Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with ServerlessBuilding Highly Scalable Retail Order Management Systems with Serverless
Building Highly Scalable Retail Order Management Systems with Serverless
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS
 

Similar to AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAmazon Web Services LATAM
 
Landing Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparadaLanding Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparadaAmazon Web Services LATAM
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsAli Asgar Juzer
 
New AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadNew AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadAmazon Web Services
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...Automated Monitoring of Best Practices and Operational Health of Your AWS Res...
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Amazon Web Services
 
So You Want to be Well-Architected?
So You Want to be Well-Architected?So You Want to be Well-Architected?
So You Want to be Well-Architected?Amazon Web Services
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneAmazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Amazon Web Services
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...Amazon Web Services
 

Similar to AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore (20)

AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparada
 
Landing Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparadaLanding Zone: Como ter certeza que sua Fundação está preparada
Landing Zone: Como ter certeza que sua Fundação está preparada
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS Migrations
 
New AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your WorkloadNew AWS Security Solutions to Protect Your Workload
New AWS Security Solutions to Protect Your Workload
 
Security@Scale
Security@ScaleSecurity@Scale
Security@Scale
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...Automated Monitoring of Best Practices and Operational Health of Your AWS Res...
Automated Monitoring of Best Practices and Operational Health of Your AWS Res...
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
 
So You Want to be Well-Architected?
So You Want to be Well-Architected?So You Want to be Well-Architected?
So You Want to be Well-Architected?
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day One
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Steve Sofian Solutions Architect, Amazon Web Services AWS Accounts@Scale Using AWS Landing Zone
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session Agenda Defining the Problem Landing Zone Overview Components of a Landing Zone Wrap Up, Next Steps
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Account Security/Resource Boundary API Limits/Throttling Billing Separation
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Models One Account 1,000s of Accounts
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why One Isn’t Enough Many Teams Isolation Security Controls Business Process Billing
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multiple Accounts • Complete security and resources isolation • Smaller blast radius • Simplified billing per account Pros • Aggregation/Distribution • Setup and operation overhead • More complex security policies across accounts Cons
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What Problem Are We Solving?
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Control What is it that we need?
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Goals Guardrails NOT Blockers Auditable Flexible Automated Scalable Self-service
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is a Landing Zone? H • AWS best practices • AWS account structure • Patterns based • Standards defined • Adaptable foundation • Governance guardrails • Automation driven • Versioned infrastructure
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Components of Landing Zone
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security/Resource Boundary Limits Billing Separation AWS Account
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why One Isn’t Enough Many Teams Isolation Security Controls Business Process Billing
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Organizations Organizational Hierarchy Security Policy Billing Visibility Automation Driven
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DEV PROD INFOSEC LOG Shared SVC Network Sample Account Structure
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IAM Roles Federation IAM Users Managed Policies KMS Keys Job/Function Based, Cross Account Leverage existing Directory, Map Roles Limit Use, Rotate Keys, Securely Stored, MFA AWS Managed to start, Limit Inline policies CMK Per Service Identity & Access Foundation
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multi-AZ Public vs. Private Ingress/ Egress points VPC Design
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network Paths
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Log Analysis CloudWatch Events AWS Config Rules Amazon GuardDuty AWS Config Amazon VPC Flow Logs CloudTrail Data Gathering Analysis / Enforcement Access Logs Continuous Compliance
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Directory Code Repo Monitoring AMI / EC2 Management Common Shared Services
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Account Structure Network Design Identity / Access Components of Landing Zone Security / Visibility Shared Services Automation / Change
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFormation StackSets Automation & Change Management Service Catalog Pipeline
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Next Steps • Engage with your AWS Account Team • Leverage the APN • Check out new the AWS Landing Zone solution • https://aws.amazon.com/answers/aws-landing-zone/
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank You