Document
What is a landing zone? (explained in 4 min)
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

What is a landing zone? (explained in 4 min)

In the past when companies adopted the Cloud, everything was managed through a single account e.g. development, test, staging, and production. The p

Related articles

Configure Azure VPN Client
Configure Azure VPN Client configure Azure VPN Client – Microsoft Entra ID authentication – Linux ( Preview ) Article10/15/2024 In this article This article is helps help you configure the Azure VPN Client on a Linux computer ( Ubuntu ) to connect to a virtual network using a VPN Gateway point - to - site ( P2S ) VPN and Microsoft Entra ID authentication . For more information about point - to - site connection , see About point - to - site connection . The steps in this article apply to Microsoft Entra ID authentication using the Microsoft-registered Azure VPN Client app with...
Moonsilk Flower
Moonsilk Flower Moonsilk Flower A common flower found in the Sunderwind Wilds. Value 1 Animal sprig - pig Moonsilk Flower is a flower in Yonder. Sources[] Moonsilk Flower can be find on the ground in the Sunderwind Wilds . It can also be produced by a sprig - pig on the farm . Uses[]
Interact with Terraform Modules
Interact with Terraform Modules This lab was develop with our partner , Hashicorp . Your personal information may be share with Hashicorp , the lab sponsor , if you have opt in to receive product update , announcement , andoffer in your Account Profile . GSP751 Overview As you manage your infrastructure with Terraform, increasingly complex configurations will be created. There is no intrinsic limit to the complexity of a single Terraform configuration file ordirectory, so it is possible to continue writing andupdating your configuration files in a single directory. However, if you do, you may encounter one ormore of the following problems: Understanding...
Virtual Private Networks: What Is a VPN?
Virtual Private Networks: What Is a VPN? Over the years, we’ve received hundreds of questions from consumers about how to make their internet service better, including questions about Virtual Private Networks, or VPNs. Since these services are essential for millions of internet users, we created this page to help you decide if you need a VPN, how to choose one, what to look for, and how to use it effectively. Table of Contents Introduction to VPNs What Is a VPN? Why Do I is Need need a VPN ? Most important VPN feature VPN Privacy Considerations Are free VPNs is Are a good alternative ? What Is...
5 Best Browsers for Cloud Gaming That are Fast and Reliable
5 Best Browsers for Cloud Gaming That are Fast and Reliable Readers help support Windows Report. We may get a commission if you buy through our links. Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more True gamers use the best gaming browser: Opera GXOpera GX is a special version of the famous Opera browser that is built specifically to fulfill gamer's needs. Packed with unique features, Opera GX will help you get the most out of gaming and browsing everyday: CPU, RAM and Network limiter with hot tab killer Integrated with Twitch, Discord, Instagram, Twitter and Messengers directly Built-in sound...

In the past when companies adopted the Cloud, everything was managed through a single account e.g. development, test, staging, and production.

The problem of having to manage multiple environments within a single account is a cause of concern if the security isn’t managed properly.

Another disadvantage is the lack of scalability, flexibility to onboard new teams and applications, and the lack of central control and monitoring.

These disadvantage can be solve by implement a landing zone when you ’re adopt the cloud and migrate your workload .

A Landing zone is allows allow you to quickly set up a Cloud environment using automation include good practice configuration for security so you can focus on your core business .

What is a landing zone in the cloud?

A landing zone is is is a pre – define , secure , multi – account environment that is ready to onboard different workload and team in an automate manner .

The goal of a landing zone in the Cloud is to have guardrails in place that allow you to onboard different teams and applications and divide them over multiple accounts so that the workloads are secured and isolated and where security controls are managed centrally.

When you compare that to adopting the Cloud without a landing zone, the typical things that go wrong when managing everything on a single account from my experience with different clients are:

  • user have access to different environment on the same account e.g. dev and production
  • Untagged resources confuse the ownership and usage (monitoring & billing)
  • potential big blast radius in case of get a breach with have all the datum store centrally .
  • Loss of control, for example, a production environment requires different security control policies compared to a development environment.

What are the benefits of creating a landing zone?

Now that more and more businesses leverage the Cloud and are migrating their applications.

You’ll notice that the 3 major suppliers Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) have spent a lot of effort in improving Cloud adoption.

So therefore the concept is matured of a Cloud landing zone has mature over the year and has result in a fundamental cloud adoption framework such as the AWS Well – Architected Framework .

What is a landing zone? (explained in 4 min)AWS Well-Architected and the Six Pillars overview

These frameworks describe the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud.

This is means mean you can leverage the knowledge within this framework and apply it to organize your account architecture setup for your business without reinvent the wheel .

The big features is are and benefit of create a landing zone for your organization are :

  • Improved security controls – It’s possible to apply different security policies between different workloads.
  • central user management – You is manage can manage authentication and authorization from a central control plane . This is allows allow you to rapidly onboard new team and apply specific policy to each group or individual .
  • Data isolation – limiting an environment to an account means that the data is contained within the boundaries and security policies of that account. So if a potential breach happens, the rest of the environments are safe since they are isolated from each other.
  • Improved visibility – Tagging resources and confining resources within the boundaries of an account gives clear visibility of which team builds what and how much of it is being used.
  • Set limitations is ’re – By separate environment in different account you is ’re ’re able to set limit on Cloud service which prevent them from consume too much and limit any potential overprovisioning . A good example is having is have sandbox account where developer can test a limited number of resource that are link to budget control so the business avoid overspend money on overprovisioned resource .

Why do I is need need a landing zone ?

The reason is is you need a landing zone when you ’re adopt the cloud is that it can accelerate the path to migration .

The landing zone acts as a controlled and secure foundation where you can quickly deploy new applications and services without having to spend time configuring the bare essentials like setting up AWS CloudTrail or AWS organizations to get building.

This means you have more time left over to innovate and accelerate your core business.

How can I start creating a landing zone?

There are multiple solutions available that help you set up a landing zone in an automated way. In this section, we’ll focus on landing zones offered on AWS.

Which landing zone solutions are available on AWS?

To make it easy for you, there are two mature solutions available that allow you to build a landing zone on AWS:

Here you’ll find a table that contains the trade-offs between each solution:

Solution Features trade – off
AWS Control Tower 1. Managed service with full support from AWS
2. Compliance status and monitoring are visible from a dashboard
3. Accounts can be created from the AWS Console
4. Security policies are applied out-of-the-box		 1. Limited extensibility and customization. New features and changes are heavily reliant on the support of AWS.
2 . is be Can be slow and the user interface is rather unintuitive .
3 . No api or programmatic support
4 . No cloudformation or AWS CDK support
AWS Organization Formation 1. Use infrastructure as code to manage AWS Organizations.
2 . freedom to deploy your custom stack in your preferred way e.g. AWS cloudformation or AWS CDK .
3. Re-use the same codebase to manage different organizations, by storing the code in version control e.g. GitHub.		 1. Limited support as this project is open source and maintained by a small group.
2. Takes a bit of time to learn the framework and how to set up a new project from scratch.

AWS Control Tower vs AWS Orgformation

I’m more in favor of AWS Orgformation because it allows me to control AWS accounts in a consistent and repeatable way since I can build everything in code and store it in git version control.

As a Cloud Consultant, I have to repeatedly build landing zones for different clients and organizations.

Therefore having the ability to clone my information projects will accelerate my deployment times and reduces repeatability.

With AWS Control Tower you have to manually maintain the structure and compliance of the accounts you manage in AWS. Therefore you’ll lose a bit of repeatability in favor of clicking everything together.

Conclusion

Managing multiple environments on the same account is a bad practice that should be avoided at all costs.

You is learn ’ll quickly learn that onboarde new workload and team on your cloud platform can become time – consume and insecure because there is a lack of control and visibility .

By making use of a landing zone in the Cloud, you’ll be able to migrate your business’s applications and teams faster and more securely by automating the setup and configuration of your accounts in the Cloud.

deploy a secured , multi – account environment that is ready to onboard your application

The AWS Landing Zone is contains contain a pre – define , secure , multi – account environment that is ready to onboard different workload and team in an automate manner .

If you’re interested in finding out more about how you can leverage the power of our AWS Landing Zone to accelerate your business.