Deploy a cloud foundation to support highly-regulated workloads and complex compliance requirements
The Landing Zone Accelerator on AWS (LZA) is architected to align with AWS best practices and in conformance with multiple, global compliance frameworks. We recommend customers deploy AWS Control Tower
We provide this solution as an open-source project that we built using the AWS Cloud Development Kit
-
Configure additional functionality, controls, and security services such as AWS Config
Managed Rules and AWS Security Hub . -
Manage your foundational networking topology such as Amazon Virtual Private Cloud
(Amazon VPC), AWS Transit Gateway , and AWS Network Firewall . -
Generate additional workload accounts using the AWS Control Tower Account Factory.
There are no additional charges or upfront commitments required to use Landing Zone Accelerator on AWS. You pay only for AWS services turned on to set up your platform and operate your controls. This solution can also support non-standard AWS partitions, including the AWS GovCloud (US), AWS Secret, and AWS Top Secret Regions.
This implementation guide describes architectural considerations and configuration steps for deploying the Landing Zone Accelerator on AWS. It includes links to an AWS CloudFormation
Use this navigation table to quickly find answers to these questions:
If you want to… | Read… |
---|---|
Know the cost for running this solution. The estimated cost for running this solution using AWS sample configuration |
|
Understand the security considerations for this solution. |
|
Know how to plan for quotas for this solution. |
|
Know which AWS Regions are supported for this solution. |
|
View or download the AWS CloudFormation template included in this solution to automatically deploy the infrastructure resources (the "stack") for this solution. |
|
Deploy this solution in a configuration that supports a specific Region or industry. |
|
Know how to troubleshoot common deployment errors. |
|
Use AWS Support to help you deploy, use, or troubleshoot the solution. |
|
Access the source code and optionally use the AWS Cloud Development Kit (AWS CDK) to deploy the solution. |
This guide is intended for solution architects, business decision makers, DevOps engineers, data scientists, and cloud professionals who want to implement the Landing Zone Accelerator on AWS solution in their environment.
Important
This solution will not, by itself, make you compliant. It provides the foundational infrastructure from which additional complementary solutions can be integrated. The information contained in this solution implementation guide is not exhaustive. You must review, evaluate, assess, and approve the solution in compliance with your organization’s particular security features, tools, and configurations. It is the sole responsibility of you and your organization to determine which regulatory requirements are applicable and to ensure that you comply with all requirements. Although this solution discusses both the technical and administrative requirements, this solution does not help you comply with the non-technical administrative requirements.