

# Appendix: SALZ onboarding questionnaire
<a name="apx-og-questions"></a>

**Topics**
+ [Deployment summary](deployment-summary.md)
+ [Environment architecture considerations](og-questions-environment-level.md)
+ [Single-Account Landing Zone Monitoring Alerts](og-monitoring-alerts.md)
+ [Maintenance Window](og-maintenance-window.md)
+ [Next Steps](og-get-started-next-steps.md)

The following is some of the information that you need to consider before onboarding an account.

# Deployment summary
<a name="deployment-summary"></a>

A description of the deployment. For example: 
+ This account is for a Line-of-Business application deployment (as opposed to a Product application deployment).
+ The deployment involves an auto-scaled ARP (authenticated reverse proxy) within the account’s public or DMZ subnet. 
+ Web and application servers will be deployed within the account's private subnet. 
+ An RDS (Amazon Relational Database Service) instance will also be deployed within the account’s private subnet. 
+ The servers (ARP, web, application, database, load balancer, etc.) are separated into distinct security groups. 
+ The account requires an HA (high availability) design spread across availability zones (AZs), that is, "Multi-AZ".

# Environment architecture considerations
<a name="og-questions-environment-level"></a>

Consider the following criteria in deciding how to configure your environment and architecture.
+ Will your virtual data center connect back to your corporate network?
  + Do you have an existing AWS Direct Connect service or do you require a new Direct Connect service?
  + Do you have an existing VPN connection or do you require a new VPN service?
+ What is the available CIDR block range of internal addresses that you could allocate? (/16 recommended, must not overlap corporate network ranges)
+ Will your virtual data center require internet access?
+ Which Region(s) do you intend to use? (Sydney/N. Virginia/Dublin)
+ Will you require a Shared Services subnet to host applications that have connectivity to all other subnets?
+ Which organizational divisions would you like to be hosted as separate subnets? For each:
  + What connectivity to other subnets do you need?
  + Does the subnet require Internet access?
  + Are there any application deployment restrictions to that subnet?
  + Are there any particular network requirements for that subnet?
+ Would you like separate development and/or test environments? (These will include a duplicate of shared services for anytime access.)
+ What are your snapshot backup requirements?
+ Do you have an existing maintenance process or patch window(s) that you would like to keep?
+ What are your domain registration requirements?
+ Do you have any single sign-on requirements? (e.g., AD, LDAP)
+ What are your overall expected operating system and anticipated capacity requirements?

# Single-Account Landing Zone Monitoring Alerts
<a name="og-monitoring-alerts"></a>

AMS provides a way for you to be directly alerted (versus getting AMS service notifications) for certain monitoring alerts. To sign up for this, make sure that your Cloud Architect (CA) or Cloud Service Delivery Manager (CSDM) receives this information:

**Direct Alerts Email**: These are the email addresses that you want AMS to send certain resource-based alerts to. For details of which alerts are sent directly to email, see [Alerts from Baseline Monitoring in AMS](https://docs.aws.amazon.com/managedservices/latest/onboardingguide/monitoring-default-metrics.html) in the AMS User Guide for Single-Account Landing Zone. For more information on AMS monitoring, see [Monitoring Management](https://docs.aws.amazon.com/managedservices/latest/userguide/monitoring.html) in the AMS User Guide for Single-Account Landing Zone.

# Maintenance Window
<a name="og-maintenance-window"></a>

You will want to create a maintenance window that considers different application needs, different AWS Regions, and different stress periods. Your maintenance window is when AMS will apply patching. Here are some guidelines:
+ To limit the impact on users, plan your maintenance window according to the AWS Region where your environments are deployed.
+ Schedule a window outside of regular business hours and when the least traffic is expected on production servers.
+ Typically, infrastructure stacks require monthly updates.
+ Schedule a maintenance window for at least 300 minutes. Operating system patching takes 60-90 minutes, and infrastructure stack patching takes 180-300 minutes.

# Next Steps
<a name="og-get-started-next-steps"></a>

The AMS onboarding team will assist you in every step of onboarding your account to AMS. These are the onboarding requirements:
+ Provision a new AWS account to use for AMS and provide an AWS account ID.
+ Sign up for the desired level of Support.
+ Create a cross-account IAM role to grant the AMS provisioning account access and provide the role name to AMS.
+ Add the account 753102745277 as a Trusted Entity.
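
Before handing the role name to AMS, it is worth confirming that the role's trust policy trusts account 753102745277 and nothing else. The following Python check is an added example, not AMS tooling or part of the AMS documentation; the function names and the sample policy are assumptions constructed for illustration.

```python
import json
import re

AMS_ACCOUNT = "753102745277"  # trusted account ID stated on this page

# Constructed sample trust policy (an assumption, not taken from AMS documentation).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{AMS_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
    }],
})

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID of an AWS principal (bare ID or IAM ARN), else None."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:iam::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def audit_trust_policy(policy_json, expected_account=AMS_ACCOUNT):
    """Return findings; an empty list means expected_account is the only trusted principal."""
    findings, trusted = [], set()
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant trust
        if "NotPrincipal" in stmt:
            findings.append(f"statement {i}: Allow with NotPrincipal trusts every other principal")
            continue
        principal = stmt.get("Principal", {})
        principal = {"AWS": "*"} if principal == "*" else principal
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"statement {i}: wildcard principal {value}")
                elif kind != "AWS" or _account_of(value) != expected_account:
                    # Service, Federated and other-account principals are flagged for review.
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
                else:
                    trusted.add(expected_account)
    if expected_account not in trusted:
        findings.append(f"account {expected_account} is not trusted")
    return findings
```

Pass the JSON of the role's trust policy document to `audit_trust_policy`; any returned finding should be resolved before the role name is provided to AMS.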