Hello! In December, OTUS launches a new course, Cloud Solution Architecture. In anticipation of the start of this course, we are sharing with you a translation of interesting material on the topic.
AWS Landing Zone is a solution that helps customers quickly set up a secure AWS environment with multiple accounts based on best practices.
For more than five years, our team at the Mitoc Group has worked tirelessly to help large organizations successfully digitally transform and build or migrate their digital footprint to the AWS cloud. In other words, quoting our AWS friends: "Our customers are rediscovering themselves with AWS." This is an endless effort to reinvent and simplify the mechanics on behalf of the clients themselves, and AWS does an excellent job of solving complex problems with easy-to-learn solutions.
AWS Landing Zone (source)

What is AWS Landing Zone?
According to information from an official source:
AWS Landing Zone is a solution that helps customers quickly set up a secure AWS environment with multiple accounts based on AWS best practices. With a large number of options, setting up an environment with multiple accounts can take considerable time, as well as setting up multiple accounts and services, and require a deep understanding of AWS services.

The AWS Landing Zone solution has significantly reduced the complexity and improved the consistency of similar design patterns that are provided to different customers. On the other hand, our team had to reconfigure some CloudFormation components as Terraform components in order to use them further for automation.
So we wondered why not build the entire AWS Landing Zone solution in Terraform? Can we do this and will it solve the problems of our customers?
Spoiler: it will, and it already does! :)

When should you not use AWS Landing Zone?
If you deal with regular cloud services and cloud resources with one or two AWS accounts, these steps may be unnecessary. If that does not describe you, read on :)
What should be considered before starting work?
Many of the large organizations that we worked with already have some kind of strategy for using cloud technologies. Companies struggle to implement cloud services successfully without a clear vision and stated expectations. Please take the time to decide on your strategy and understand how AWS fits into it.
When deciding on a strategy, successful AWS Landing Zone customers are actively focusing on the following:
- Automation is not optional. Native cloud automation is preferred.
- Teams consistently use the same mechanics with the same set of tools for preparing cloud resources. Better to use Terraform.
- The most productive users of cloud services have the ability to create reusable processes and provide them as reusable services instead of reusable code. Serverless architecture is preferred.
Introducing the Terraform Module for AWS Landing Zone
After months of hard work, I am pleased to introduce the Terraform module for AWS Landing Zone. The source code is stored on GitHub, and stable release versions are published on the Terraform Module Registry.

To get started, just include main.tf in your code:

    module "landing_zone" {
      source                  = "TerraHubCorp/landing-zone/aws"
      version                 = "0.0.6"
      root_path               = "${path.module}"
      account_id              = "${var.account_id}"
      region                  = "${var.region}"
      landing_zone_components = "${var.landing_zone_components}"
    }

Note: be sure to include variables.tf and everything that may come in handy from outputs.tf.
To facilitate understanding, we have added default values to terraform.tfvars:

    account_id = "123456789012"
    region     = "us-east-1"
    landing_zone_components = {
      landing_zone_pipeline_s3_bucket = "s3://terraform-aws-landing-zone/mycompany/landing_zone_pipeline_s3_bucket/default.tfvars"
      [...]
    }

This means that when using this terraform module you will need to:
- Change account_id and region to your own that match the data in AWS Organization;
- Change landing_zone_components to match your use of AWS Landing Zone;
- Change s3://terraform-aws-landing-zone/mycompany to your S3 bucket and S3 key prefix, where you will store the .tfvars files (or the absolute path to the .tfvars files in your local storage).
This module can have dozens, hundreds or thousands of deployable components, but not all of them need to be and will be deployed. At run time, components that are not part of the landing_zone_components variable will be ignored.
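A pre-flight check for the three changes listed above, as an added example that is not part of the original article or the module's code: it flags the sample account ID and sample bucket left unchanged, and component paths outside a bucket you control. The function name, the `hypothetical_` component names and the bucket `example-org-lz-config` are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Values from the article's sample terraform.tfvars; leaving them in place
# means planning against someone else's account ID and S3 bucket.
SAMPLE_ACCOUNT_ID = "123456789012"
SAMPLE_BUCKET = "terraform-aws-landing-zone"

def check_landing_zone_vars(account_id, region, components, allowed_bucket):
    """Return findings; allowed_bucket is the bucket you control (assumed)."""
    findings = []
    if not re.fullmatch(r"\d{12}", account_id):
        findings.append("account_id: not a 12-digit AWS account ID")
    elif account_id == SAMPLE_ACCOUNT_ID:
        findings.append("account_id: still the sample value")
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        findings.append(f"region: {region!r} does not look like an AWS region")
    if not components:
        findings.append("landing_zone_components: empty, every component is ignored")
    for name, path in sorted(components.items()):
        url = urlparse(path)
        if url.scheme == "s3":
            if url.netloc == SAMPLE_BUCKET:
                findings.append(f"{name}: still points at the sample bucket")
            elif url.netloc != allowed_bucket:
                findings.append(f"{name}: bucket {url.netloc!r} is not {allowed_bucket!r}")
            if not url.path.endswith(".tfvars"):
                findings.append(f"{name}: key is not a .tfvars file")
        elif path.startswith("/"):
            if not path.endswith(".tfvars"):
                findings.append(f"{name}: local path is not a .tfvars file")
        else:
            findings.append(f"{name}: neither an s3:// URI nor an absolute path")
    return findings

# Constructed sample input: the article's default entry plus two
# hypothetical components (names and bucket are not from the module).
SAMPLE = {
    "landing_zone_pipeline_s3_bucket":
        "s3://terraform-aws-landing-zone/mycompany/landing_zone_pipeline_s3_bucket/default.tfvars",
    "hypothetical_component_a":
        "s3://example-org-lz-config/prod/hypothetical_component_a/default.tfvars",
    "hypothetical_component_b": "configs/hypothetical_component_b.tfvars",
}

if __name__ == "__main__":
    for finding in check_landing_zone_vars(
            "123456789012", "us-east-1", SAMPLE, "example-org-lz-config"):
        print(finding)
```
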
Conclusion
We are very pleased and proud to share the fruits of our efforts to help customers create native cloud automation. The Terraform module for AWS Landing Zone is another solution that helps organizations quickly set up a secure AWS environment with multiple accounts based on AWS best practices. We are well aware that AWS is growing insanely fast, and we are also striving to quickly develop a terraform solution that covers all the basics and integrates with other AWS working solutions.
That's all. We look forward to your comments and invite you to a free webinar, where we will study the design of the Cloud Landing Zone domain architecture and consider the architectural templates of the main domains.