Posted On: Oct 24, 2019
AWS Managed Services (AMS) announces support for AWS Landing Zone (ALZ), a multi-account architecture recommended for enterprises looking for a scalable design for the configurations of their AWS accounts. With this release, new AMS customers will be able to choose either ALZ or the current AMS landing zone design based on their needs.
Building on the baseline ALZ configuration, AMS adds the following managed features: a managed shared services account for bastions, antivirus and malware, and Microsoft Active Directory; integrated Transit Gateway to connect thousands of VPCs; customer workloads launched within AMS are pre-configured to take advantage of the ALZ logging account for cross-account monitoring, diagnostics, audit, and security event detection and investigation; and integrated Private Link and Direct Connect to keep traffic between AWS services and the customer network off the public internet - a requirement for enterprises to host internal-only applications in the cloud. AMS can deploy fully configured, managed, and compliant accounts (PCI, ISO, HIPAA, SOC, NIST) within 2 hours, dramatically reducing on-boarding times from multiple weeks and months. Adding support for the ALZ design, which is also used by AWS Control Tower, will also simplify AMS’ future capability to assume operational control of enterprises that are struggling with self-management of their current landing zone and would like AMS to help.
In addition to the features described above, you will also benefit from AMS standardized security and operational model and features such as patch, incident management, change management, backup, business continuity, and financial & capacity management. The AMS-Managed ALZ is generally available in all regions supported by AWS Managed services. See the Region Table for the latest updates. To learn more about using AMS, visit the website.