When approaching a Cloud Adoption path, any company needs as a first thing to define well-structured governance rules over all the aspects of the AWS environments. Whether for tech startups or big enterprises, it is necessary to ensure the perfect balance between governance aspects such as centralized control, security and compliance, and flexibility -typical of Cloud environments -, to allow developers to experiment freely and securely according to the Fail-Fast principle. The best way to ensure this kind of balance is by implementing a Landing Zone. The Landing Zone is a shared set of rules, best practices, policies, configurations, objects, and appliances designed to centrally manage key aspects of AWS governance, such as creating and configuring multi-account environments, monitoring, logging, auditing, and managing access and security policies. You can easily deploy a standard Landing Zone on AWS through managed services such as AWS Control Tower, AWS SSO, and AWS Config. However, the Landing Zone principle is far more effective as it reflects a company’s internal organization and communication structure accurately.
Landing Zone on AWS with beSharp
beSharp has deep expertise in the development and implementation of highly customized Landing Zones, perfectly adaptable to any company structure, and covering aspects such as:
- The creation of a master account for the management of the billing and the organization, in general
- The centralization of AWS users and the federation with the corporate Identity Provider
- Environments separation (dev, test, prod…) into different AWS accounts
- The Cross-account and cross-region Networking management through the centralized use of Direct Connect links, SD-WAN devices, and intrusion detection and prevention appliances
- The use of real-time analysis and troubleshooting tools for the centralization of application logs
- Immutable audit logs
- Alarm management and centralized monitoring both at the application and infrastructure level, using CloudWatch or third-party tools
- The creation of an “Account Vending Machine” to automatically create standard application environments starting from pre-validated templates
- The possibility for developers to autonomously and safely create “sandbox” environments, to experiment freely without affecting production environments
- Implementation of cost monitoring and optimization systems, centrally managing Reservation, Saving Plans, and cost-based tagging with Cost Explorer.
- Disaster Recovery on independent AWS accounts, managed outside the main organization, to secure environments and data from any possible compromise
By building the Landing Zone with beSharp you’ll get
- A 100% custom-built solution, able to perfectly reflect the internal organization of any company by going beyond the rigidity of pre-built solutions
- A strategic model for the governance of your AWS environments, regardless of the number of workloads and their complexity.
- A skilled team always available to guide you in the management and evolution of your Landing Zone along with the growth of your company or to fully take charge of the management.