SlideShare a Scribd company logo

Landing zones: Creating a Foundation for Your AWS Migrations

Download as PPTX, PDF
A
Ali Asgar Juzer

The document outlines the concept of landing zones in AWS, which provide a foundational multi-account environment based on best practices for secure and scalable cloud operations. It highlights the components and architecture needed for landing zones, including network design, security measures, and identity access management. Additionally, it offers best practices for building and optimizing AWS infrastructure while emphasizing automation and collaboration.

Technology
1 of 29
Downloaded 65 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ali Asgar Juzer Sr. Advisory Consultant, Professional Services Amazon Web Services Landing Zones: Creating a Foundation for Your AWS Migrations
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session Agenda 1. Definition of the Problem 2. Landing Zone Concept 3. Components of a Landing Zone 4. AWS Best Practices & Tips for Building a Landing Zone
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Definition of the Problem
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. meets the organization’s security and auditing requirements ready to support highly available and scalable workloads configurable to support evolving business requirements What do you need
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Concept
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone What is a Landing Zone Multi-Account AWS Environment Based on AWS Best Practices Set of Architecture Patterns For Shared Core Services Adaptable Foundation With Governance Guardrails Automation Driven Versioned Infrastructure
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Logging Configuration Image Migrate Iterate Operate & Optimize Start Accounts End User Interaction AutomationService Catalog Domains Direct Connect Central Services Access Identities Federation Network Security Identity & Access Cloud Users What’s Next ? Building a Landing Zone Business Needs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Components
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Account Structure Billing visibility Environment isolation Small blast radius Shared Core services Centralized logs Governance at Scale
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Non-overlapping IP range VPC Design Logging and Monitoring VPN / AWS Direct Connect Subnet Design Access Control Lists & Security Groups Network Design
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network Design VPN/Direct Connect VPC Peering DNS Domains Ingress/Egress Points Bastion Hosts
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security CloudWatch Metrics & Alarms CloudTrail Logs for Auditing VPC Flow Logs for Network Insights AMI Factory for Hardened OS Images Amazon GuardDuty for Threat Detection AWS Config Rules for Dynamic Compliance and more…
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity & Access Management
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Corporate Data Center Browser interface Identity Store AD Group Identity and authentication AWS Accounts Identity & Access Management Mapping to specific IAM roles with access policies Example: Federation with AD
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud consumers Browse products 2 5 Notifications and outputs Notifications and outputs 5 4 Deploy Administrator 3 Select version, Provision product, configure parameters Portfolio Cloud Consumption Model Example: AWS Service Catalog 1 Maintain Products
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Build, Operate and Optimize AWS Managed Services AWS Managed Services Provider Partners Build & Manage Your Own Infrastructure Operations Management for the Enterprise by AWS Next Gen Managed Services Providers with 3rd Party Audits In-house Capabilities to Run & Operate at Scale
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tips to Get Started
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Best Practices & Tips LZ 1. Automate Everything 2. Start Small, Develop Fast, Iterate Frequently 3. Collaborate & Improve 4. Assess Build vs. Buy Decisions 5. Learn & Seek from the Experts 6. Think Holistic - Business, Governance, People, Platform, Security & Operations
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What Did We Cover in This Session © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. meets the organization’s security and auditing requirements ready to support highly available and scalable workloads configurable to support evolving business requirements © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Multi-Account AWS Environment Based on AWS Best Practices Set of Architecture Patterns For Shared Core Services Adaptable Foundation With Governance Guardrails Automation Driven Versioned Infrastructure © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Managed Services AWS Managed Services Provider Partners Build & Manage Your Own Infrastructure Operations Management for the Enterprise by AWS Next Gen Managed Services Providers with 3rd Party Audits In-house Capabilities to Run & Operate at Scale
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the summit mobile app.

More Related Content

PDF
Busting the Myths to AWS Cloud Adoption_Liam Caskie
Helen Rogers
 
PPTX
Hybrid Cloud on AWS: Foundational Layers and AWS Services
Tom Laszewski
 
PPTX
DevOps, CI/CD, cost management, and security on AWS
Tom Laszewski
 
PPTX
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Tom Laszewski
 
PPTX
Hybrid Cloud on AWS - Introduction and Art of the Possible
Tom Laszewski
 
PPTX
Cloud Migration, Application Modernization, and Security
Tom Laszewski
 
PPTX
Deep dive - AWS security by design
Richard Harvey
 
PPTX
Adopting AWS in your organization - ITPalooza 2015
CloudHesive
 
Busting the Myths to AWS Cloud Adoption_Liam Caskie
Helen Rogers
 
Hybrid Cloud on AWS: Foundational Layers and AWS Services
Tom Laszewski
 
DevOps, CI/CD, cost management, and security on AWS
Tom Laszewski
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Tom Laszewski
 
Hybrid Cloud on AWS - Introduction and Art of the Possible
Tom Laszewski
 
Cloud Migration, Application Modernization, and Security
Tom Laszewski
 
Deep dive - AWS security by design
Richard Harvey
 
Adopting AWS in your organization - ITPalooza 2015
CloudHesive
 

Similar to Landing zones: Creating a Foundation for Your AWS Migrations (20)

PDF
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
Amazon Web Services Korea
 
PDF
AWS Architecture Fundamentals - Houston
Nicole Maus
 
PPTX
Building Bulletproof Infrastructure on AWS
2nd Watch
 
PDF
Securing Your Customers Data From Day One
Amazon Web Services LATAM
 
PDF
엔터프라이즈의 효과적인 클라우드 도입을 위한 전략 및 적용 사례-신규진 프로페셔널 서비스 리드, AWS/고병률 데이터베이스 아키텍트, 삼성...
Amazon Web Services Korea
 
PPTX
Cloudifying your Security Operations on AWS
CloudHesive
 
PPTX
AWS 101 - An Introduction to the Amazon Cloud
CloudHesive
 
PPTX
AWS Landing Zone - Architecting Security and Governance.pptx
Akesh Patil
 
PPTX
Pitt Immersion Day- Module 1
EagleDream Technologies
 
PDF
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
PDF
DevopsDays Geneva 2020 - Compliance & Governance as Code
jeromevdl
 
PPTX
Private Equity Value Creation Carve Outs, Divestitures and mergers
Tom Laszewski
 
PDF
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Amazon Web Services Korea
 
PPTX
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
PPTX
AWS Initiate - Landing Zone: Como saber se sua base está preparada
Amazon Web Services LATAM
 
PDF
Aws Architecture Fundamentals
2nd Watch
 
PPTX
Managing Security on AWS
AWS Summits
 
PDF
Security in the cloud
Reham Maher El-Safarini
 
PDF
Being Well Architected in the Cloud
Adrian Hornsby
 
PDF
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS Germany
 
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
Amazon Web Services Korea
 
AWS Architecture Fundamentals - Houston
Nicole Maus
 
Building Bulletproof Infrastructure on AWS
2nd Watch
 
Securing Your Customers Data From Day One
Amazon Web Services LATAM
 
엔터프라이즈의 효과적인 클라우드 도입을 위한 전략 및 적용 사례-신규진 프로페셔널 서비스 리드, AWS/고병률 데이터베이스 아키텍트, 삼성...
Amazon Web Services Korea
 
Cloudifying your Security Operations on AWS
CloudHesive
 
AWS 101 - An Introduction to the Amazon Cloud
CloudHesive
 
AWS Landing Zone - Architecting Security and Governance.pptx
Akesh Patil
 
Pitt Immersion Day- Module 1
EagleDream Technologies
 
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
DevopsDays Geneva 2020 - Compliance & Governance as Code
jeromevdl
 
Private Equity Value Creation Carve Outs, Divestitures and mergers
Tom Laszewski
 
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Amazon Web Services Korea
 
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
Amazon Web Services LATAM
 
Aws Architecture Fundamentals
2nd Watch
 
Managing Security on AWS
AWS Summits
 
Security in the cloud
Reham Maher El-Safarini
 
Being Well Architected in the Cloud
Adrian Hornsby
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS Germany
 
Ad

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
Approach and Philosophy of On baking technology
30anthuong17
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Cloud computing and distributed systems.
kkkkkhan
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
A Presentation on Artificial Intelligence
memembruh336
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Encapsulation theory and applications.pdf
gurumoop
 
Ad

Landing zones: Creating a Foundation for Your AWS Migrations

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ali Asgar Juzer Sr. Advisory Consultant, Professional Services Amazon Web Services Landing Zones: Creating a Foundation for Your AWS Migrations
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session Agenda 1. Definition of the Problem 2. Landing Zone Concept 3. Components of a Landing Zone 4. AWS Best Practices & Tips for Building a Landing Zone
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Definition of the Problem
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. meets the organization’s security and auditing requirements ready to support highly available and scalable workloads configurable to support evolving business requirements What do you need
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Concept
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone What is a Landing Zone Multi-Account AWS Environment Based on AWS Best Practices Set of Architecture Patterns For Shared Core Services Adaptable Foundation With Governance Guardrails Automation Driven Versioned Infrastructure
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Logging Configuration Image Migrate Iterate Operate & Optimize Start Accounts End User Interaction AutomationService Catalog Domains Direct Connect Central Services Access Identities Federation Network Security Identity & Access Cloud Users What’s Next ? Building a Landing Zone Business Needs
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Components
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Account Structure Billing visibility Environment isolation Small blast radius Shared Core services Centralized logs Governance at Scale
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Non-overlapping IP range VPC Design Logging and Monitoring VPN / AWS Direct Connect Subnet Design Access Control Lists & Security Groups Network Design
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network Design VPN/Direct Connect VPC Peering DNS Domains Ingress/Egress Points Bastion Hosts
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security CloudWatch Metrics & Alarms CloudTrail Logs for Auditing VPC Flow Logs for Network Insights AMI Factory for Hardened OS Images Amazon GuardDuty for Threat Detection AWS Config Rules for Dynamic Compliance and more…
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity & Access Management
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Corporate Data Center Browser interface Identity Store AD Group Identity and authentication AWS Accounts Identity & Access Management Mapping to specific IAM roles with access policies Example: Federation with AD
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud consumers Browse products 2 5 Notifications and outputs Notifications and outputs 5 4 Deploy Administrator 3 Select version, Provision product, configure parameters Portfolio Cloud Consumption Model Example: AWS Service Catalog 1 Maintain Products
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Build, Operate and Optimize AWS Managed Services AWS Managed Services Provider Partners Build & Manage Your Own Infrastructure Operations Management for the Enterprise by AWS Next Gen Managed Services Providers with 3rd Party Audits In-house Capabilities to Run & Operate at Scale
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tips to Get Started
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Best Practices & Tips LZ 1. Automate Everything 2. Start Small, Develop Fast, Iterate Frequently 3. Collaborate & Improve 4. Assess Build vs. Buy Decisions 5. Learn & Seek from the Experts 6. Think Holistic - Business, Governance, People, Platform, Security & Operations
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What Did We Cover in This Session © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. meets the organization’s security and auditing requirements ready to support highly available and scalable workloads configurable to support evolving business requirements © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone Multi-Account AWS Environment Based on AWS Best Practices Set of Architecture Patterns For Shared Core Services Adaptable Foundation With Governance Guardrails Automation Driven Versioned Infrastructure © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Managed Services AWS Managed Services Provider Partners Build & Manage Your Own Infrastructure Operations Management for the Enterprise by AWS Next Gen Managed Services Providers with 3rd Party Audits In-house Capabilities to Run & Operate at Scale
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the summit mobile app.

Editor's Notes

  • #18: Key Considerations