AWS Cloud Operations Blog

Learn how to design landing zone architectures with new AWS Control Tower training

Do you or your organization need solutions to help reach your Cloud Governance objectives as you migrate to AWS? How do you stay agile and innovate faster while staying secure?
Designing and building a landing zone is a key step in the migration journey to the AWS cloud. A well-architected landing zone helps accelerate migration and modernization by incorporating cloud governance from the start and by providing appropriate tools to implement policies. Your team can move fast while being confident in their governance processes when you build on top of AWS Control Tower.

AWS Control Tower offers an automated AWS service-based jumpstart in landing zone creation. Including AWS multi-account setup based on security and compliance best practices using blueprints for identity, federated access, and AWS account structure. The landing zone set up by AWS Control Tower is managed using a set of mandatory controls – always applied on your behalf by AWS Control Tower to the landing zone – and optional controls that can be enabled based on your unique needs and policies.


Getting started

Enroll in this new self-paced Designing Landing Zone Architectures with AWS Control Tower digital course to build skills and expertise pertaining to governance, security, and identity across your AWS infrastructure and accounts.

About the course

Designing Landing Zone Architectures with AWS Control Tower is an intermediate e-learning course that provides prescriptive guidance on designing target landing zones to support migration and modernization on AWS. This course provides details on the initial design, migration and modernization planning, along with setup of landing zones using AWS Control Tower. It also provides strategies to streamline existing AWS account landscape, leveraging the AWS Well-Architected Framework.

This course has 2 modules:

  • Module 1: Introduces you to landing zone concepts and tools to help create a landing zone, it also details how to build a secure and compliant landing zones on AWS using AWS Control Tower. And finally, multi-account best practices.
  • Module 2: Invites you to apply the knowledge acquired on the previous module. This module walks through a fictitious customer’s journey migrating from a single AWS account to a compliant and secure landing zone supported by AWS Control Tower. The module covers planning, setting up landing zones using AWS Control Tower, and also the strategies and tools needed to scale and customize the AWS Control Tower landing zone.

Upon completion of this course, you should be able to:

    • Understand how to evolve a landing zone, as your need for scale increases
    • Plan for a migration or modernization to AWS, with a suitable landing zone foundation established
    • Migrate from a legacy single-account strategy, to a multi-account landing zone following AWS best practices
    • Identify the components of AWS Control Tower, to help build a secure and compliant landing zone
    • Explore strategies to scale and customize an AWS Control Tower landing zone

Improve your Cloud Operations skills on AWS

This course can help you build the necessary skills to be successful in the governance, security, and compliance of your AWS resources. AWS Control Tower is a foundational service to set up and govern a secure multi-account AWS environment landing zone. You can find further training to help improve your AWS skills in the AWS Skill Builder course catalog.

About the authors:

Erico Penna

Erico Penna is a Migration Partner Solutions Architect based in Dallas with experiences in migration, application modernization, storage, backup, disaster recovery, and virtualization areas.For over 5 years, he has been helping customers and partners enhance their migration and modernization practices to speed up moves to AWS.

Matheus Arrais

Matheus Arrais is a CloudOps Specialist Solutions Architect based in the USA who has experience in the cloud operations, cloud governance, compliance, migration, and security. He is focused on cloud governance services including AWS Control Tower, AWS Organizations, AWS Service Catalog, and AWS Config. For over 4 years, he has been helping customers and partners enhance their governance, compliance and security posture for a successful cloud journey. Find on Linkedin: /matheusarrais.

Giovanni Gravesande

Giovanni is a Partner Solutions Architect with AWS, based in New York. After 15 years of systems engineering in the enterprise datacenter, managing PBs of data storage, and building resilient DR-ready application architectures. He has spent the past 3 years, helping AWS partners develop migration practices through the Migration Acceleration Program (MAP). To accelerate customer value realization on AWS cloud.

Raghava Kumar Vemu

Raghav Vemu is a Sr. Product Manager with AWS Training & Certification, based in Houston, Texas. For the past 2 years, he has been responsible for building new training products for customers and partners mainly in the migration, modernization, mainframe modernization and storage areas.