The first step in realising a Cloud Landing Zone is the Design. Since it will function as the foundation for your cloud environment this is a crucial step in the realisation of the Landing Zone. The Design of the Landing Zone will be executed with a select group of stakeholders within your organization and engineers of The Factory.
The design will be based on best practices defined by the Public Cloud providers. AWS has it's Well-Architected Framework, Azure has it's Cloud Adaption Framework and Google Cloud has it's Cloud Architecture Framework. The Design will be focused on the four following aspects: Networking, Security & Compliancy, Identity & Access Management and Standardized Tenancy.
After the Design phase we will translate the gathered requirements to Landing Zone configuration which are being stored in code. For every Cloud Provider we have blueprints available that are used as base setup for the Cloud Landing Zone.
Public Cloud environments may change over time, best practices are being updated by Cloud providers, new security measurements can be taken, new services are being added, application landscapes may change that require new services, etc. Al those changes may impact your Landing Zone and may require changes to it, we at The Factory can help you maintain and Operate your Cloud Landing Zone.
We implemented a Cloud Landing Zone within AWS that contains a security baseline, centralized log management, auditing, governance, and networking setup. With the use of the Cloud Landing Zone and it's Account Vending Machine (AVM) it's a breeze to create new accounts within your AWS organization. Accounts are now created based on best practices and also provide baseline features out of the box centrally managed and configured by the Cloud Landing Zone.
Read More