The Cloud Foundations Quick Start Pack

Accelerate Cloud-Operations at Scale with a Robust Cloud-Foundation

Comprehensive improvement over the cloud adoption strategy of a company after the Landing Zone.

• 🌟 Accelerate-Cloud-Operations-at-Scale-with-a-Robust-Cloud-Foundation.pptx
• The Cloud Foundations Quick Start Pack is a deployment tool for the infrastructures of the cloud environment aims to quickly deploy a cloud-ready environment including a basic landing zone, security baselines, and DevOps functions in weeks, using cloud-native technologies and automation services.
• Effectively assist you to deploy, operate and govern workloads on the cloud efficiently, and make them available for business production fast. You can continue building based on it and constantly enhance the capabilities of your cloud environment.
• Journey Needs & Investments:
  • Scalable Account Structures 🏹 Multi-Account Strategy
  • Fiscal Predictability 🏹 Cloud Financial Management Tools
  • Faster Adoption 🏹 Adequate Risk Management & Governance
  • Least Access Privilege 🏹 IaC approach for all Functions

Establishing Your Cloud Foundation on AWS

Delivery Mode: Amazon Web Services + Partners.

• 1. Basic Landing Zone: AWS Organizations & Accounts
• 2. Security & Compliance Baselines: SCP, SSO, AWS Configs
• 3. Networking Connectivity: Direct Connect, Transit Gateway, VPC
• 4. Backup Configurations
• 5. DevOps Accelerator: Terraform Infrastructure-as-Code Automation
• 6. Advanced Functions: Cloud Custodian, Cloud Cost Optimization, SIEM

Solution Advantages:

• 1. Fast delivery: The Cloud Foundations Quick Start Pack can help you accelerate toward value, reduce implementation costs, and facilitate adoption of security best practices. You can focus your limited IT resources on high-value opportunities such as large-scale migrations, building the next-generation serverless applications and reinventing business processes on the cloud.
• 2. Enhanced security: Deploying with a centrally managed set of code improves the solution’s quality and security. The Cloud Foundations Quick Start Pack has many baseline configurations for compliance and security built into it. You can also propose new security and compliance requirements and quickly integrate them into existing code and configurations, continuously improving the security of your cloud environment.
• 3. Simplified work: The Cloud Foundations Quick Start Pack simplifies the building process for an organization with multiple Amazon Web Services accounts. With Terraform infrastructure-as-code, the Quick Start Pack is developed and tested in advance for infrastructure resources and their configurations on the cloud, thereby reducing a lot of common errors during implementation and greatly saving deployment time.

[Cloud Foundations Quick Start Pack] Architecture Diagram

1. Management Account: It includes an Amazon Organizations organization or a virtual organization and necessary Amazon Identity and Access Management IAM functional roles.
2. Infrastructure Account: It centrally manages Amazon Systems Manager parameter store, Amazon Simple Notification Service (Amazon SNS) topics, Amazon CodePipeline pipelines, Amazon CodeBuild projects and Amazon CodeCommit repositories. It includes Amazon Step Functions deploy and destroy state machines, the Amazon Service Catalog Account Factory, Pipeline Factory and Repository Factory products, to implement infrastructure-as-code automation.
3. Network Account: It centrally manages Amazon VPCs and their related resources, such as subnets, security groups, route tables, interface endpoints, Internet gateways, NAT gateways, Amazon Transit Gateways and Amazon Route 53 private hosted zones. It securely provides private connections based on Amazon PrivateLink. It provides holistical planning and one-click deployment of networking connectivity based on transit gateway.
4. Security Account: It centrally manages Amazon Key Management Service (Amazon KMS) customer keys. It includes alternative solutions to Service Control Policies and Tag Policies for Amazon Web Service Regions. It provides the security enhancements based on Amazon GuardDuty and Amazon Security Hub. It integrates the latest KeyCloak to provide user federation based on Amazon Fargate. It provides user interface backend based on Amazon AppSync.
5. Logs Account: It centrally manages Amazon Simple Storage Service (Amazon S3) buckets for logs from Amazon CloudTrail, Amazon Config, Amazon GuardDuty, Amazon Virtual Private Cloud (Amazon VPC) flow and elastic load balancing logs. It includes an Amazon OpenSearch Services domain to search and show logs. It includes an Amazon CloudFront distribution for user interface frontend.
6. Member Accounts: They are bootstrapped and configured based on the best practices recommended by Amazon Web Services.
7. Other Regions: It deploys and governs other Amazon Web Services Regions. It provides cross-regional networking connectivity based on transit gateway peering connection.