Overall security governance - AWS Landing Zones

Relevant to most of the Principles covered by the Good Practice Guide, a Landing Zone is a solution available from AWS that automatically creates an environment consisting of a set of related AWS accounts configured in such a way as to establish security (and cost-related) guardrails for AWS usage by a wide variety of teams with minimum friction. The environment includes the foundations of identity management, logging and monitoring, governance, security, and network design, the specifics of which may be implemented using decisions made in examining each of the principles covered below. For more information about the solution itself, see the AWS Landing Zone page.

Principles

• Principle 1: Data in transit protection
• Principle 2: Asset protection and resilience
• Principle 3: Separation between users
• Principle 4: Governance framework
• Principle 5: Operational security
• Principle 6: Personnel security
• Principle 7: Secure development
• Principle 8: Supply chain security
• Principle 9: Secure user management
• Principle 10: End user identity and authentication
• Principle 11: External interface protection
• Principle 12: Secure service administration
• Principle 13: Audit information for users
• Principle 14: Secure use of the service