Landing zone
A landing zone is an orchestration framework for your foundational AWS environment. It provides a baseline to get started with multi-account architecture, identity and access management, governance, data security, network design, and logging.
AWS has two options for creating your landing zone: a service-based landing zone using AWS Control Tower
AWS Control Tower helps you save time by automating the setup of a landing zone so you can run secure and scalable workloads. AWS Control Tower is managed by AWS and uses best practices and guidelines to help you create your foundational environment. AWS Control Tower uses integrated services such as AWS Service Catalog
Objectives
Create a landing zone with an initial configuration for the following:
Account structure
Network structure
Predefined identity and billing frameworks
Predefined user-selectable packages
Ability to customize and configure
Outcomes
A defined and secure landing zone ready for migration and further customization
How-to guide
Related resources
Architecting security & governance across your landing zone
(AWS re:Invent 2019 presentation)