What does this AWS Solution do?

The Landing Zone Accelerator on AWS solution helps you quickly deploy a secure, resilient, scalable, and fully automated cloud foundation that accelerates your readiness for your cloud compliance program. The Landing Zone Accelerator solution is architected to align with AWS best practices and multiple, global compliance frameworks. When used in coordination with other AWS services, it provides a comprehensive no-code solution across 35+ AWS services. With this solution, customers with highly-regulated workloads and complex compliance requirements can better manage and govern their multi-account environment. The Landing Zone Accelerator solution helps you establish platform readiness with security, compliance, and operational capabilities.

Benefits

Support

Supported by AWS Support based on your support plan.

Automation

Automatically set up a cloud environment suitable for hosting secure workloads. The Landing Zone Accelerator can be deployed in all AWS regions. This helps you maintain consistency of your operations and governance across commercial regions, GovCloud and other non-standard partitions in AWS.

Data security

Deploy the solution in an AWS Region suitable for the data classification of your data. Sensitive data detection in Amazon S3 is enabled with Amazon Macie. The Landing Zone Accelerator helps you deploy, operate and govern a centrally managed encryption strategy using AWS KMS.

Compliance

Provides the foundational infrastructure from which additional complementary solutions can be integrated.

AWS Solution overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.

landing-zone-diagram
 Click to enlarge

Landing Zone Accelerator on AWS architecture

This solution includes an AWS CloudFormation template you deploy in the account you want to use as the management account for your multi-account environment.

1. The provided AWS CloudFormation template will deploy an AWS CodePipeline that contains the Landing Zone Accelerator installation engine. 

2. The installer pipeline is used as the launching point to deploy the core features of the Landing Zone Accelerator. We have separated the installer to allow you to easily update to future versions of the Landing Zone Accelerator by updating a single parameter through the AWS CloudFormation update stack console.

3. An AWS CodeBuild project is used as an orchestration engine to build and execute the Landing Zone Accelerator Cloud Development Kit (CDK) application that deploys the core AWSAccelerator-PipelineStack, and associated dependencies.

4. The core pipeline is used for input validation, synthesis, and deployment of additional CloudFormation stacks via CDK. An AWS CodeCommit repository named aws-accelerator-config is used to store the configuration files that are used by the Landing Zone Accelerator. These configuration files will be the primary mechanism for configuration and management of the entire Landing Zone Accelerator. 

5. An AWS CodeBuild project is used to compile the Landing Zone Accelerator CDK application.

6. Multiple AWS CodeBuild deployment stages are utilized to deploy the resources that have been defined in the Landing Zone Accelerator configuration files to your multi-account environment. A review stage is also included allowing you to view all the changes that will be applied by these stages.

7. The Landing Zone Accelerator will also monitor for AWS Control Tower lifecycle events for potential drift events. When using AWS Control Tower with the Landing Zone Accelerator, please ensure that the resources within your AWS Control Tower environment are properly enrolled. This can be viewed through the AWS Control Tower console.

Landing Zone Accelerator on AWS

Version 1.0.1
Released: 06/2022
Author: AWS

Estimated deployment time: 50 min

Estimated cost Source code  CloudFormation template 
Use the button below to subscribe to updates for this Solutions Implementation.
Note: To subscribe to RSS updates, you must have an RSS plug-in turned on for the browser you are using.
Did this Solutions Implementation help you?
Provide feedback 
Build icon
Deploy a Solution yourself

Browse our library of AWS Solutions Implementations to get answers to common architectural problems.

Learn more 
Find an APN partner
Find an APN Partner

Find AWS certified consulting and technology partners to help you get started.

Learn more 
Explore icon
Explore Solutions Consulting Offers

Browse our portfolio of Consulting Offers to get AWS-vetted help with solution deployment.

Learn more