ACAI Lab – AWS Foundation
The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.
Three types of accounts can be distinguished: Foundation Core Accounts, Shared Service Accounts and Business Solution Accounts.
A zoom-in shows the Foundation Core Accounts in more detail. The links in the table below let you access and navigate the accounts directly via the AWS Management Console:
| Account Type | Description | Link to Lab-Account (AWS Management Console) | Lab-Account-ID |
|---|---|---|---|
| AWS Organizations Master | AWS Organizations Master, OU Hierarchy, SCPs, Consolidated Billing | – | 297780133428 |
| Core Vending | Responsible for joining new AWS accounts to the AWS Foundation | pending | pending |
| Core IaC Provisioning | Responsible for hosting the Terraform Infrastructure as Code CI/CD pipelines for all accounts of the AWS Foundation | Link to Core Provisioning | 851519347965 |
| Core VPC & Networking | Responsible for design of shared VPCs, management of AWS Transit Gateway (TGW), VPC/VPN attachments, AWS Direct Connect | Link to Core Networking | 134653435903 |
| Core Logging | S3 buckets for AWS Foundation-wide AWS CloudTrail, AWS Config, VPC Flow Logs | Link to Core Logging | 735600569007 |
| Core Auditing | Master for AWS Security Hub, Amazon GuardDuty and AWS Detective (optional) | Link to AWS SecurityHub; Link to Amazon GuardDuty | |
| Core Monitoring | Aggregating AWS Foundation logs | Link to Monitoring Dashboard | 321744974957 |
| Other Shared Services | Further shared services like EKS, PKI, Kafka, Sandbox-Accounts… | – | – |
| Business Prod | Sample of a baselined business account | Link to Business Prod | 212262933260 |
| Business NonProd | Sample of a baselined business account | Link to Business Non-Prod | 001683013005 |
We are ACAI Consulting – specialized in AWS Multi Account Security and Governance.
If you have any questions, feel free to get in touch with us: firstname.lastname@example.org