Kickstart your journey into AWS with confidence
Automate the setup of a new landing zone with best-practice blueprints for account structure, identity, federated access, security and networking, using the org-formation Infrastructure as Code (IaC) tool for AWS Organisations.
What is the Enterprise Cloud Accelerator?
Whether you are just starting on AWS or looking to expand your existing AWS infrastructure, the fourTheorem AWS Enterprise Cloud Accelerator is the ultimate solution for customers looking to avoid project delays and re-work and establish a secure, scalable multi-account AWS environment.
This offering comprises an initial workshop to identify your specific objectives and requirements, landing zone design, deployment and knowledge transfer.
Key Activities
- Create a multi-account environment using AWS Organisations, enabling sensible guardrails to avoid common cloud misconfigurations. Create budgets to track your spending across accounts, regions, services, workloads and applications.
- Provide federated access to all your AWS accounts using AWS IAM Identity Center. Easily integrate your existing identity source, such as Okta, Active Directory or Google Workspace, or use the built-in Identity Center directory to provision and manage your users.
- Centralise logging from AWS CloudTrail and AWS Config to an S3 bucket in a Log Archive Account for compliance and easier analysis.
- Enable detective controls and security tools such as Security Hub, GuardDuty and AWS Config across the organisation and get a single pane of glass view of your security posture in your Audit Account. Track your compliance against industry-standard benchmarks such as the CIS AWS Foundations Benchmark.
- Create a Networking Account to centrally manage your network configuration. Optionally create site-to-site IPsec VPNs or use AWS Direct Connect to integrate existing on-premise infrastructure.
Benefits
- Efficiency: Automating the creation of a landing zone saves time, effort, and money that would otherwise be required to set up each account manually.
- Best practice: Using best-practice blueprints ensures the landing zone complies with the AWS Well-Architected Framework.
- Scalability: Use AWS Control Tower or leverage open-source Infrastructure as Code (IaC) tools such as Terraform and org-formation to manage AWS Organisations and deploy resources across accounts, making the landing zone easy to manage and deploy. This allows organisations to make peer-reviewed, automated changes to AWS environments at scale and avoid drift across dozens or hundreds of accounts.
- Flexibility: Effortlessly customise your landing zone setup, modifying AWS account structure, budget alerts, security services, networking, and more to meet your specific requirements.
- Security: Automatically deploy secure baseline configuration to all your accounts, define your compliance and security needs in code and monitor the security posture of your entire organisation using AWS Security Hub.
- Co-development: fourTheorem collaborates closely with your team to design, develop, and deliver a solution that aligns with your goals and objectives. This approach facilitates a seamless transition of ownership and operation of the solution to your team post-deployment.
How it works
Preparation
- Discovery – fourTheorem will thoroughly assess your organisation’s business requirements and current architecture.
- Workshop – Before customising your foundational AWS environment, fourTheorem Senior Architects will deep dive into your specific requirements, target architecture, code base, development & deployment process, etc.
Implementation
- Create Account Structure – Establish a well-defined and organised structure for the AWS accounts to provide a consistent and secure environment for managing your organisation’s AWS resources and applications.
- Identity Management – Set up AWS IAM Identity Center to manage your team’s access centrally across AWS accounts and applications.
- Configure Security Controls – Enable Security and Compliance Services and implement the agreed-upon baseline security measures.
Follow-up
- Review – Assess whether the end solution meets your requirements and incorporate enhancements as necessary.
- Training – By providing comprehensive training and support, fourTheorem enables customers to fully leverage the AWS Enterprise Cloud Accelerator and make any necessary modifications in the future.