Deploy a cloud foundation to support highly-regulated workloads and complex compliance requirements
Publication date: May 2022 (last update: August 2024)
The Landing Zone Accelerator on AWS (LZA) is architected to align with AWS best practices
and in conformance with multiple, global compliance frameworks. We recommend customers deploy
AWS Control Tower
We provide this solution as an open-source project that we built using the AWS Cloud Development Kit
-
Configure additional functionality, controls, and security services such as AWS Config
Managed Rules and AWS Security Hub . -
Manage your foundational networking topology such as Amazon Virtual Private Cloud
(Amazon VPC), AWS Transit Gateway , and AWS Network Firewall . -
Generate additional workload accounts using the AWS Control Tower Account Factory.
There are no additional charges or upfront commitments required to use Landing Zone Accelerator on AWS. You pay only for AWS services turned on to set up your platform and operate your controls. This solution can also support non-standard AWS partitions, including the AWS GovCloud (US), AWS Secret, and AWS Top Secret Regions.
This implementation guide describes architectural considerations and configuration steps
for deploying the Landing Zone Accelerator on AWS. It includes links to an AWS CloudFormation
Use this navigation table to quickly find answers to these questions:
If you want to... | Read... |
---|---|
Know the cost for running this solution. The estimated cost for running this solution using AWS sample configuration |
Cost |
Understand the security considerations for this solution. | Security |
Know how to plan for quotas for this solution. | Quotas |
Know which AWS Regions are supported for this solution. | Supported AWS Regions |
View or download the AWS CloudFormation template included in this solution to automatically deploy the infrastructure resources (the “stack”) for this solution. | AWS CloudFormation template |
Deploy this solution in a configuration that supports a specific Region or industry. |
Landing Zone Accelerator on AWS solution page |
Know how to troubleshoot common deployment errors. | Troubleshooting |
Use AWS Support to help you deploy, use, or troubleshoot the solution. | AWS Support |
Access the source code and optionally use the AWS Cloud Development Kit (AWS CDK) to deploy the solution. | GitHub
repository |
This guide is intended for solution architects, business decision makers, DevOps engineers, data scientists, and cloud professionals who want to implement the Landing Zone Accelerator on AWS solution in their environment.
Important
This solution will not, by itself, make you compliant. It provides the foundational infrastructure from which additional complementary solutions can be integrated. The information contained in this solution implementation guide is not exhaustive. You must review, evaluate, assess, and approve the solution in compliance with your organization’s particular security features, tools, and configurations. It is the sole responsibility of you and your organization to determine which regulatory requirements are applicable and to ensure that you comply with all requirements. Although this solution discusses both the technical and administrative requirements, this solution does not help you comply with the non-technical administrative requirements.