ACAI AWS Lab 2024

Sorry, currently no German translation is available for this blog post

Intro

The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.

Do you want to see an AWS Landing Zone that is enterprise-approved, scaleable and secure? Do you want to see this live and in action.

Whether you use Amazon Control Tower or maintain your AWS Landing Zone with IaC tools like Terraform, this lab might inspire you.

You will see the following modular ACAI assets woven together:

ACAI VECTO - Manage your AWS Core IaC CI/CD pipelines simply and centrally
ACAI ACF - The Pick What You Need library of Terraform modules to manage the following AWS Services:
- AWS Organization terraform-aws-acf-org-ou-mgmt , terraform-aws-acf-org-delegation
- AWS Service Control Policies (SCPs) terraform-aws-acf-scp
- AWS IAM Identity Center terraform-aws-acf-idc
- Organization AWS CloudTrail terraform-aws-acf-org-cloudtrail
- AWS Backup
ACAI PROVISIO - Perform baselining and hardening of your AWS accounts with Terraform:
ACAI SEMPER - The solution to manage your AWS security finding lifecycle via policies.

The IaC CI/CD part of the AWS AWS Lab is hosted in Azure DevOps: link

There you will find the pipeline-repos and pipelines and the Lab Settings .

AWS Account	Account Name	Account ID	AWS Service
Org Mgmt	acai_aws-lab1_org-mgmt	590183804009	- Organization - SCP - Identity Center
Core SSO	acai_aws-lab1_core-sso	761018859750	- Identity Center
Core Security Tooling	acai_aws-lab1_core-security-tooling	975050251880	- Security Hub - AWS Config - ACAI ACF Account Cache - ACAI SEMPER Enriched - ACAI SEMPER Operations
Core Log Archive	acai_aws-lab1_core-log-archive	058264189027	- S3 Buckets
Core Baselining	acai_aws-lab1_core-baselining	891376920850	- ACAI PROVISIO

Use this link to connect to the AWS SSO portal: https://acai-lab1.awsapps.com/start

Username	Password
lab_user1@acai.gmbh	ACAI2024
lab_user2@acai.gmbh	ACAI2024

Assigned permissions: assignments.tf

The Core IaC CI/CD Resources are managed by ACAI VECTO - the pipeline repository can be found here:

The underlying repositories of the following pipelines are listed below.

ACAI VECTO Pipeline	Pipeline Repo
Org-Mgmt	pipeline-org-mgmt
Org-SCP	pipeline-core-scp
Org-Org-CloudTrail	pipeline-core-org-cloudtrail
Org-SSO	pipeline-core-sso
Core-SecurityTooling	pipeline-core-securitytooling
Core-Security-SEMPER	pipeline-core-security-semper
Core-LogArchive	pipeline-core-logarchive
Core-Baselining	pipeline-core-baselining

ACAI Consulting is specialized in AWS Multi Account Security and Governance.

If you have any questions, feel free to get in touch with us: blog@acai.gmbh