The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.
Three types of accounts can be distinguished: Foundation Core Accounts, Shared Service Accounts and Business Solution Accounts.
A zoom-in shows more explicitly the Foundation Core Accounts – the links provided in the table below allow you to directly access and navigate through the accounts via the AWS Management Console:
| Account Type | Description | Link to Lab-Account (AWS Management Console) | Lab-Account-ID |
|---|---|---|---|
| AWS Organizations Master | AWS Organizations Master, OU Hierarchy, SCPs, Consolidated Billing | – | 297780133428 |
| Core Vending | Responsible for joining new AWS accounts to the AWS Foundation | pending | pending |
| Core IaC Provisioning | Responsible for hosting the terraform Infrastructure as Code CI/CD pipelines for all accounts of the AWS Foundation | Link to Core Provisioning | 851519347965 |
| Core VPC & Networking | Responsible for design of shared vpc´s, management of AWS Transit Gateway TGW, vpc/vpn attachments, AWS Direct Connect | Link to Core Networking | 134653435903 |
| Core Logging | S3 Buckets for AWS Foundation wide AWS CloudTrail, AWS Config, VPC Flow Logs | Link to Core Logging | 735600569007 |
| Core Auditing | Master for AWS Security Hub, Amazon GuardDuty and AWS Detective (optional) | Link to AWS SecurityHub Link to Amazon GuardDuty | 263761644432 |
| Core Monitoring | Aggregating AWS Foundation logs | Link to Monitoring Dashboard | 321744974957 |
| Other Shared Services | Further shared services like EKS, PKI, Kafka, Sandbox-Accounts… | – | – |
| Business Prod | Sample of a baselined business account | Link to Business Prod | 212262933260 |
| Business NonProd | Sample of a baselined business account | Link to Business Non-Prod | 001683013005 |
We are ACAI Consulting – specialized in AWS Multi Account Security and Governance. If you have any questions, feel free to get in touch with us: blog@acai.gmbh