Automate the setup of a new landing zone using best-practices blueprints for account structure, identity, federated access, security and networking using org-formation Infrastructure as Code (IaC) tool for AWS Organisations.
AWS Enterprise Cloud Accelerator
Kickstart your journey into AWS with confidence
Whether you are just starting on AWS or looking to expand your existing AWS infrastructure, the fourTheorem AWS Enterprise Cloud Accelerator is the ultimate solution for customers looking to avoid project delays and re-work and establish a secure, scalable multi-account AWS environment.
This offering comprises an initial workshop to identify your specific objectives and requirements, design the landing zone, deployment and knowledge transfer.
Key Activities:
- Create a multi-account environment using AWS Organisations, enabling sensible guardrails to avoid common cloud misconfigurations. Create budgets to track your spend across accounts, regions, services, workloads and applications.
- Provide federated access to all your AWS accounts using AWS IAM Identity Center. Easily integrate your existing identity source such as Okta, Active Directory or Google Workspace or use the built in Identity Center directory to provision and manage your users.
- Centralise logging from AWS CloudTrail and AWS Config to an S3 bucket in a Log Archive Account for compliance and easier analysis.
- Enable detective controls and security tools such as Security Hub, GuardDuty and AWS Config across the organisation and get a single pane of glass view of your security posture in your Audit Account. Track your compliance against industry standard benchmarks such as the CIS AWS Foundations Benchmark.
- Create a Networking Account to centrally manage your network configuration. Optionally create site-to-site IPsec VPNs or use AWS Direct Connect to integrate existing on-premise infrastructure.
Benefits:
- Efficiency – Automating the creation of a landing zone saves time, effort, and money that would otherwise be required to set up each account manually.
- Best Practice – Using best-practice blueprints ensures the landing zone complies with the AWS Well-Architected Framework.
- Scalability – Use AWS Control Tower or leverage open-source Infrastructure as Code (IaC) tools such as terraform and org-formation to manage AWS Organisations and deploy resources across accounts for easy management and deployment of the landing zone. This allows organisations to make peer reviewed, automated changes to AWS environments at scale and avoid drift across dozens or hundreds of accounts.
- Flexibility – Effortlessly customise your landing zone setup, modifying AWS account structure, budget alerts, security services, networking, and more to meet your specific requirements.
- Security – Automatically deploy secure baseline configuration to all your accounts, define your compliance and security needs in code and monitor the security posture of your entire organization using AWS Security Hub.
The Process:
Customer Contribution:
Access
fourTheorem requires access to your AWS account to set up and configure the cloud environment and optimise performance.
Transparency
To provide a tailored solution that best meets your needs, you need to be open with critical information including; business objectives, existing infrastructure, and application requirements.
Co-development
fourTheorem employs a co-development approach, collaborating closely with your team to design, develop, and deliver a solution that aligns with your goals and objectives. This approach facilitates a seamless transition of ownership and operation of the solution to your team post-deployment.
Architecture Diagram:
Have a Question
Get in touch with a member of our team below.
