Tech Reformers AWS QuickStart enables a secure landing zone with AWS Control Tower designed to help organizations deploy a cloud foundation based on the pillars of the AWS Well-Architected Framework. Control Tower creates a multi-account architecture with best practices for security and cost management. This service is appropriate for both new and existing AWS customers who want an architecture built on best practices for security and cost management.
Tech Reformers can use the Landing Zone Accelerator (LZA) to deploy your infrastructure and security configurations via code.
- Accelerate deploying AWS Control Tower landing zone using best practices.
- Onboard AWS accounts for teams and business units at scale within your organization quickly and safely.
- With master account activation from Tech Reformers, the service includes CloudCheckr for visibility, insights, and automation across your multi-cloud infrastructure via a unified view.
Set up and govern a secure, multi-account AWS environment,
starting at $5,000.
Set up and govern AWS multi-account environments so that you can quickly, easily, and confidently deploy applications.
Learn more about Control Tower.
Automate provisioning for AWS accounts, preconfigured to meet your business, security, and compliance requirements.
Learn to create accounts for each workload or use case.
Region deny controls disallow the creation, storage, and processing of data and resources outside specific AWS Regions,
Learn how to control use of regions in your account.
Govern new or existing account configurations, gain visibility into compliance status, and enforce controls, at scale.
Learn about using multiple accounts.
Enable a secure foundation in the cloud with our steps to set up AWS.
AWS
Account
Quick
Start
- Project kick-off meeting
- AWS Control Tower design and discovery workshop
- Set project goals and objectives.
- Review the AWS Control Tower prerequisites required for deployment.
- Build a backlog of tasks for the project.
- Define the AWS Control Tower use cases.
- Establish a new management account with Organizations and AWS Control Tower structure for Organizational units (OU’s) to establish baselines across all AWS accounts.
- Establish landing zone settings: regions, configurations, access, logging, and encryption.
- Plan authentication and authorization (Identity provider, logging, encryption).
- Plan security controls (NIST 800-53 Rev 5, CIS AWS Benchmarks 1.4, PCI DSS version 3.2.1).
- Design a model single-account and single-VPC AWS environment.
- Design AWS networking components, including VPC definitions, subnets, security groups, and transit gateways. Plan IP addressing strategy for the organization.
- Plan tagging strategy.
- Plan centralized billing.
- Plan on establishing connectivity for AWS with VPN or Direct Connect, if required.
- Develop a detailed architecture design document.
- Configuration of the landing zone, including AWS best practices in AWS Control Tower.
- Configure Identity and Access Management and, if required, SSO.
- Configure SCP Policies.
- Implement baseline security controls for logging and auditing.
- Implement Account Factory configuration based on design.
- In AWS Organizations, set up Configure Artifact, AWS Backup, AWS IAM Identity Center, AWS Trusted Advisor, CloudTrail, Config, Resource Access Manager, and Systems Manager.
- Implement a tagging strategy as designed for billing and administrative functionality.
- Configure CloudCheckr for centralized billing and monitoring of AWS Well-Architected Framework pillars.
- Develop final as-built documentation.
Let’s discuss AWS QuickStart