ACAI Lab – AWS Foundation

9 Oct
Michael Ullrich

The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.

Three types of accounts can be distinguished: Foundation Core Accounts, Shared Service Accounts and Business Solution Accounts.


A closer view shows the Foundation Core Accounts in more detail. The links in the table below let you open and navigate each account directly in the AWS Management Console:


| Account Type | Description | Link to Lab-Account (AWS Management Console) | Lab-Account-ID |
| --- | --- | --- | --- |
| AWS Organizations Master | AWS Organizations Master, OU Hierarchy, SCPs, Consolidated Billing | | 297780133428 |
| Core Vending | Responsible for joining new AWS accounts to the AWS Foundation | pending | pending |
| Core IaC Provisioning | Responsible for hosting the Terraform Infrastructure as Code CI/CD pipelines for all accounts of the AWS Foundation | Link to Core Provisioning | 851519347965 |
| Core VPC & Networking | Responsible for design of shared VPCs, management of AWS Transit Gateway (TGW), VPC/VPN attachments, AWS Direct Connect | Link to Core Networking | 134653435903 |
| Core Logging | S3 Buckets for AWS Foundation wide AWS CloudTrail, AWS Config, VPC Flow Logs | Link to Core Logging | 735600569007 |
| Core Auditing | Master for AWS Security Hub, Amazon GuardDuty and AWS Detective (optional) | Link to AWS SecurityHub; Link to Amazon GuardDuty | |
| Core Monitoring | Aggregating AWS Foundation logs | Link to Monitoring Dashboard | 321744974957 |
| Other Shared Services | Further shared services like EKS, PKI, Kafka, Sandbox-Accounts… | | |
| Business Prod | Sample of a baselined business account | Link to Business Prod | 212262933260 |
| Business NonProd | Sample of a baselined business account | Link to Business Non-Prod | 001683013005 |

We are ACAI Consulting – specialized in AWS Multi Account Security and Governance.
If you have any questions, feel free to get in touch with us:



