Sold by: Qalius Consulting Inc.
This is a professional services engagement to implement the AWS Landing Zone Accelerator configured for the Canadian Centre for Cyber Security's Cloud Medium standard (also known as Protected B / Medium Integrity / Medium Availability). Qalius deploys a greenfield multi-account AWS environment with AWS Control Tower, centralized networking with next-generation firewalls, identity federation, hybrid connectivity, and continuous compliance monitoring through AWS Security Hub. The service includes two instances of the solution — production and sandbox — along with knowledge transfer workshops and hands-on experience deploying a workload. Qalius’ implementation of the AWS Landing Zone Accelerator for CCCS – Cloud Medium is designed for Canadian organizations such as governments and hospitals that need a secure, auditable landing zone on AWS ready to host sensitive workloads.
Overview
This is a professional services engagement to implement a secure, multi-account AWS environment that facilitates compliance with the AWS reference architecture for the Canadian Centre for Cyber Security’s (CCCS) Cloud Medium standard (also known as Protected B / Medium Integrity / Medium Availability). The service is delivered by Qalius Consulting, an Ontario-based AWS Advanced Consulting Partner specializing in secure AWS environments for Canadian organizations.
The engagement deploys the AWS Landing Zone Accelerator (LZA) solution using the CCCS – Cloud Medium configuration published by AWS, customized to your organization's requirements. The result is a family of AWS accounts governed by AWS Control Tower, with centralized networking, perimeter security, identity management, logging, and compliance monitoring — all configured according to Canadian federal security guidance.
The Qalius engagement is organized on the axes Preparation, Implementation, and Knowledge Transfer. Two instances of the solution are deployed: a Production instance that hosts all workloads, and a Sandbox instance for safely testing updates to the AWS Landing Zone Accelerator before applying them to production.
Preparation
The AWS reference architecture for CCCS Medium is an opinionated architecture designed to constrain all data ingress and egress for a family of AWS accounts. Despite the constraints, there are configurable options such as hybrid connectivity to customer premises, identity federation, and selection of next-generation firewalls. Qalius works with your team to make the right configuration choices for your requirements. The project team plans details such as the network address space, DNS resolution, and AWS account organizational unit structure.
Implementation
Qalius deploys AWS Landing Zone Accelerator (LZA) engine to a greenfield AWS management account, then applies the CCCS Medium configuration to provision the full multi-account architecture. Qalius works with your team to implement the customizations, such as bringing up networking routes to your premises, federating with your identity provider, and configuring the next-generation firewall. The project includes deploying a “Hello World” application and may continue with installation of actual production workloads.
Knowledge Transfer
Knowledge transfer is integrated throughout the engagement rather than delivered as an afterthought. For hands-on experience, the joint team deploys a new workload account with a “Hello World” application that demonstrates traffic ingress and egress through the perimeter, application-to-database connectivity, and integration with your endpoint security tooling. The joint project team reviews the configuration files throughout the project, and the final “as-built” documentation lives in your source control platform.
Highlights
- Greenfield multi-account AWS environment configured for the AWS reference architecture for Canadian Centre for Cyber Security (CCCS) Cloud Medium
- Knowledge transfer from an AWS Advanced Consulting Partner, including virtual workshops, hands-on workload deployment, as-built documentation, and stakeholder support, delivered by an Ontario-based team
- Production and Sandbox instances with centralized networking, next-generation firewalls, identity federation through AWS IAM Identity Centre, hybrid connectivity, and configuration files managed in source control for auditable, repeatable infrastructure governance
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Support
Vendor support
Contacting Qalius
Use the “request private offer” button on this page to send us a message. We’ll get back to you to discuss requirements and see if we're a fit. If you're in the Toronto area, we can schedule a meeting at our office, 2 St. Clair Avenue West, 18th floor, Toronto Ontario, right by the St. Clair subway station. You can also reach us at sales@qalius.com , and after onboarding you’ll have access to our ticket portal.
About Qalius
Every project at Qalius has a connection to AWS. We develop custom web applications with serverless and conventional architectures. We're AWS migration experts, specializing in applications that require custom security or performance configurations. We offer a family of support services according to the demands of the workload and the industry. All services are delivered in Canada by AWS-certified specialists.
Why Qalius
Customers choose Qalius for our technical expertise and no-nonsense culture. We love getting down to the business of defining solutions and building on AWS.