This AWS Lab is decommissioned - please check out the ACAI AWS Lab 2024
The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.
Three types of accounts can be distinguished: Foundation Core Accounts, Shared Service Accounts and Business Solution Accounts.
A closer view shows the Foundation Core Accounts in more detail. The links provided in the table below allow you to directly access and navigate through the accounts via the AWS Management Console:
Account Type | Description | Link to Lab-Account (AWS Management Console) | Lab-Account-ID |
---|---|---|---|
AWS Organizations Master | AWS Organizations Master, OU Hierarchy, SCPs, Consolidated Billing | – | 297780133428 |
Core Vending | Responsible for joining new AWS accounts to the AWS Foundation | pending | pending |
Core IaC Provisioning | Responsible for hosting the Terraform Infrastructure as Code CI/CD pipelines for all accounts of the AWS Foundation | Link to Core Provisioning | 851519347965 |
Core VPC & Networking | Responsible for design of shared VPCs, management of AWS Transit Gateway (TGW), VPC/VPN attachments, AWS Direct Connect | Link to Core Networking | 134653435903 |
Core Logging | S3 Buckets for AWS Foundation-wide AWS CloudTrail, AWS Config, VPC Flow Logs | Link to Core Logging | 735600569007 |
Core Auditing | Master for AWS Security Hub, Amazon GuardDuty and AWS Detective (optional) | Link to AWS Security Hub, Link to Amazon GuardDuty | 263761644432 |
Core Monitoring | Aggregating AWS Foundation logs | Link to Monitoring Dashboard | 321744974957 |
Other Shared Services | Further shared services like EKS, PKI, Kafka, Sandbox-Accounts… | – | – |
Business Prod | Sample of a baselined business account | Link to Business Prod | 212262933260 |
Business NonProd | Sample of a baselined business account | Link to Business Non-Prod | 001683013005 |
We are ACAI Consulting – specialized in AWS Multi Account Security and Governance. If you have any questions, feel free to get in touch with us: blog@acai.gmbh