Chapter 6. Defining Your Landing Zone and Cloud Governance

Now that you have addressed your operational readiness for AWS, it is time to address the design of your landing zone and cloud governance. The concept of a landing zone was introduced in Chapter 2. As previously discussed, the landing zone provides baseline security controls and guardrails, account structure to segment environments, and security notifications. Now we will cover specific design concepts and best practices to build on and round out your understanding. We will follow the landing zone discussion with cloud governance, which comprises the controls developed for your operations in the cloud to maintain stability and security. By addressing these items now, your team can start the deployment of the landing zone and governance controls while you are performing your migration plan, which we will discuss in the next chapter. This parallel workflow will save a month or two on your migration timeline. You might want to postpone the deployment of your landing zone if there will be a lapse in time between your migration plan and your actual migration. By deploying the landing zone, you will start to incur AWS costs because resources such as NAT gateways and VPNs will be online at this time. If you expect a delay between planning and the start of migration, it might make sense to hold off on the landing zone until you are closer to your start date.

Frequently, the landing zone and cloud governance don’t get the attention ...