What is AWS Landing Zone

Grigor Khachatryan
Nov 18, 2020

The Best Solution for Automatic Account Configuration

Defining AWS Landing Zone

According to Amazon, AWS Landing Zone is a complete solution designed to help customers set up and manage multiple accounts in an AWS environment that follows the best practices on the market. The platform offers many different design options, so setting up multiple accounts usually takes a lot of time, an understanding of the AWS services, and a lot of patience.

AWS Landing Zone is a solution that fully automates the entire setup process by creating the core accounts and resources needed to monitor multiple accounts. The process includes everything needed to create a sustainable environment, including identity and access management, data security, network design, governance, and logging.

How It Works

Running an operation with multiple accounts proved to be very hard for most medium and large companies, so Amazon came up with AWS Landing Zone, designed to speed the process up and provide a secure and functional environment.

But before you can use the Landing Zone option, you first have to use AWS to create a stable base environment. The classic approach to setting up multiple accounts takes a long time, as it involves all steps, including security, logging, setting up services, and so on. With the Landing Zone, AWS will make sure that every account meets the baseline requirements automatically.

Once you’ve set up the accounts, the Landing Zone solution provides clients with an effortless method for creating and running multiple account environments according to the industry’s latest practices. In other words, it organizes all baseline AWS environments and creates a basic multi-account system.

The solution then handles every account equally, saving you a lot of time and money. Not only that, but you can also scale your business up much faster without having to create new accounts.

What Are The Benefits

The Landing Zone solution provides users with a few key benefits designed to allow easy control of multiple accounts. Here’s a quick overview of all the benefits you can expect:

  • Automatic AWS environment setup
  • Saves a lot of time and effort
  • AVM or Account Vending Machine
  • Managing multiple accounts
  • Automatic baseline security feature setup
  • Account management
  • Centralized logging
  • The setup is done according to the best practices
  • Efficient governance and operation
  • Creates a flexible business environment

Getting Started With The Landing Zone

The first step is to create a baseline for your multiple account environment. AWS does most of the work for you, and it always delivers exceptional results. Of course, you can try to develop your own method manually, but there’s no guarantee that it will work as expected. Not only that, you will have to spend a lot of time working out errors until you get the job done.

AWS, on the other hand, points out a few of the best Landing Zone practices that include everything from multiple account structuring to security controls, scalability, and complete automation. Here’s a quick overview of the AWS network and the roles of each element.

Organizations Master Account

This is known as the central or root account, and it controls all member accounts at the organization level. The account is connected to all other sub-accounts, and the user can easily control all actions by using the Master account.

Core Accounts in an Organizational Unit

These are the part of the system that allows the user to take any action under the Organization. That includes accessing the log archive, managing security measures, and accessing all shared services.

Team Accounts in Organizational Units

Every team and team member is grouped in the Teams section. They are used by individual team members or by an entire team. Each Team account can be made from multiple services, including a development account, a production account, and so on. That way, you will always know the details of every part of the process.

Developer Accounts

Each team member can use their own developer account to experiment with new features and improve existing methods without jeopardizing your entire operation. The practice improves efficiency even further, as it allows phase testing without compromising the whole system.
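
The account layout described above (a master account, core accounts for the log archive, security and shared services, plus team and developer accounts) can be checked for conformance automatically. The following Python is an added example, not code from AWS or from the original article; the data model, the role labels, the OU name "Core" and the control names are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass, field

# Core-account roles named in the article, and the baseline every account
# should carry. The label strings themselves are hypothetical.
REQUIRED_CORE_ROLES = {"log-archive", "security", "shared-services"}
BASELINE_CONTROLS = {"central_logging", "security_baseline"}

@dataclass
class Account:
    name: str
    role: str
    controls: set = field(default_factory=set)

@dataclass
class OrgUnit:
    name: str
    accounts: list = field(default_factory=list)
    children: list = field(default_factory=list)

def walk(ou, path=""):
    """Yield (ou_path, account) for every account under an OU, recursively."""
    here = f"{path}/{ou.name}"
    for acct in ou.accounts:
        yield here, acct
    for child in ou.children:
        yield from walk(child, here)

def audit(root, core_ou="Core"):
    """Return findings in tree order; an empty list means the layout conforms."""
    findings = []
    core = next((c for c in root.children if c.name == core_ou), None)
    core_roles = {a.role for _, a in walk(core)} if core else set()
    for role in sorted(REQUIRED_CORE_ROLES - core_roles):
        findings.append(f"core: no account with role '{role}'")
    for ou_path, acct in walk(root):
        for ctl in sorted(BASELINE_CONTROLS - acct.controls):
            findings.append(f"{ou_path}/{acct.name}: missing {ctl}")
    return findings

# Constructed sample organization (not real account data).
FULL = frozenset(BASELINE_CONTROLS)
SAMPLE = OrgUnit("Root", [Account("master", "master", FULL)], [
    OrgUnit("Core", [Account("logs", "log-archive", FULL),
                     Account("sec", "security", FULL)]),
    OrgUnit("Teams", children=[OrgUnit("Payments", [
        Account("payments-dev", "dev", FULL),
        Account("payments-prod", "prod", {"security_baseline"})])]),
    OrgUnit("Developers", [Account("alice-sandbox", "developer")]),
])
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample data the audit reports the missing shared-services core account, the production account that is not sending logs centrally, and the developer sandbox that carries no baseline at all.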


You can also choose the type of connection you want to use. By setting up networking patterns and combining them with external data centers, you can create a hybrid system or a multi-cloud driven adoption.

Why Is Automation Important

Automation is becoming one of the most efficient ways of running any type of operation. It improves efficiency by increasing productivity, scalability, and reliability, providing you with working solutions that allow you to optimize the use of available resources.

As a result, your system will have the best quality, security features, and practices. The landing zone does everything automatically, including landing zone deployment and configuration.

AWS allows you to create three different types of landing zones:

  • A landing zone based on services using AWS Control Tower
  • A CloudFormation solution built within the AWS Landing Zone
  • A custom landing zone you build manually

AWS will also allow you to monitor all of the changes you make, allowing you to pinpoint possible issues and fix them before things get out of hand. AWS will do some things automatically, but the final resolutions have to be done manually using the settings page or the provided console.

The Bottom Line

When you need to move your data to a cloud service, AWS Landing Zone can help you set things up much faster and more efficiently than any other available solution. It uses the best practices and the latest security features available at the moment.

Setting things up is just the beginning of the migration process. You will also have to monitor the entire process, identify possible issues, and find the right solutions. AWS will help you by providing you with a simple control center you can use to govern multiple accounts very efficiently.

---

Originally published on https://devops.ae