AWS provides several solutions for establishing a well-architected, secure, compliant, multi-account AWS environment, giving organizations a foundation to build and run their cloud workloads securely and efficiently. In this blog post, we will discuss the respective advantages of three solutions for setting up and managing landing zones:
- AWS Control Tower with AWS CloudFormation
- AWS Control Tower Account Factory for Terraform (AFT)
- AWS Landing Zone Accelerator
AWS Control Tower with AWS CloudFormation
AWS Control Tower is a governance service that helps you set up and manage secure, multi-account AWS environments. When combined with AWS CloudFormation, it offers a flexible and customizable approach to building and managing your AWS environment.
Key features:
- Customizable blueprints: Allow for the creation of custom blueprints using AWS CloudFormation templates, providing fine-grained control over account provisioning
- Extensive governance controls: Offer predefined guardrails and customizable policies for ensuring compliance
- Account vending machine: Facilitates on-demand creation of AWS accounts with predefined configurations
Ideal scenarios:
AWS Control Tower with AWS CloudFormation is suitable for organizations of all sizes that require a high degree of customization and control over their AWS environment. This solution is perfect when there is a need for complex multi-account architectures and stringent governance requirements.
For example, Virtusa used this approach to set up the AWS landing zones for a New Jersey-based government organization as well as a financial institution in the U.K., both of which required control over and extensive customization of their environments, based on their respective regulatory requirements.
AWS Control Tower Account Factory for Terraform (AFT)
AWS Control Tower Account Factory for Terraform (AFT) allows organizations to provision and manage AWS accounts in AWS Control Tower using Terraform, an Infrastructure as Code (IaC) technology.
Key features:
- IaC approach: Empowers organizations to manage AWS accounts using Terraform's declarative code
- Customizable account provisioning: Provides flexibility in defining account structures and configurations
- Integration with existing Terraform workflows: Allows organizations to incorporate AWS account provisioning seamlessly into existing Terraform deployments
Ideal scenarios:
AWS Control Tower Account Factory for Terraform (AFT) is well-suited for organizations that have existing Terraform expertise and workflows. It is an excellent choice when you want to integrate AWS account provisioning into your Terraform-based infrastructure management.
For example, Virtusa used this approach to set up the AWS landing zones for a leading American pet retailer, which was already using Terraform as its tool of choice for IaC.
AWS Landing Zone Accelerator
AWS Landing Zone Accelerator is a pre-built solution designed for organizations looking to expedite the setup of a foundational AWS Landing Zone. It is a solution built on AWS Control Tower and provides a streamlined process to establish best practices.
Key features:
- Rapid deployment of a Landing Zone: Accelerates the initial setup, allowing organizations to get started quickly
- Built-in security and compliance controls: Help organizations follow AWS best practices for security, identity and access management (IAM), and compliance, particularly those relevant to their industry
- Customization: Provides some level of customization for specific organizational requirements
Ideal scenarios:
AWS Landing Zone Accelerator is ideal for medium-sized organizations or ones that need to get an AWS environment up and running swiftly with minimal customization. It simplifies the initial setup process, adhering to AWS best practices.
For example, Virtusa used this approach to set up the AWS landing zones for a leading construction company in Canada, which wanted to set up its landing zones and migrate its apps from on-premises to the AWS Cloud very quickly.
Conclusion
Choosing the right AWS solution for your organization depends on your specific requirements. AWS Control Tower with AWS CloudFormation offers extensive customization and governance capabilities. AWS Control Tower Account Factory for Terraform (AFT) is the choice when Terraform integration is essential. AWS Landing Zone Accelerator is the quickest way to get started with minimal customization.
Feel free to contact us so that we can evaluate your organization's needs and resources to determine which of these solutions aligns best with your AWS environment goals.