# Landing zone


A landing zone is an orchestration framework for your foundational AWS environment. It provides a baseline to get started with multi-account architecture, identity and access management, governance, data security, network design, and logging.

AWS has two options for creating your landing zone: a service-based landing zone using [AWS Control Tower](https://aws.amazon.com/controltower/) and a customized landing zone that you build. Each option requires a different level of AWS knowledge.

AWS Control Tower helps you save time by automating the setup of a landing zone so you can run secure and scalable workloads. AWS Control Tower is managed by AWS and uses best practices and guidelines to help you create your foundational environment. AWS Control Tower uses integrated services such as [AWS Service Catalog](https://aws.amazon.com/servicecatalog/) and [AWS Organizations](https://aws.amazon.com/organizations/) to provision accounts in your landing zone and manage access to those accounts.

**Objectives**

Create a landing zone with an initial configuration for the following:
+ Account structure
+ Network structure
+ Predefined identity and billing frameworks
+ Predefined user-selectable packages
+ Ability to customize and configure

**Outcomes**
+ A defined and secure landing zone ready for migration and further customization

**How-to guide**
+ [Setting up a secure and scalable multi-account AWS environment](https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-aws-environment/welcome.html)

**Related resources**
+ [AWS Control Tower](https://aws.amazon.com/controltower/)
+ [AWS Service Catalog](https://aws.amazon.com/servicecatalog/)
+ [AWS Organizations](https://aws.amazon.com/organizations/)
+ [Architecting security & governance across your landing zone](https://www.youtube.com/watch?v=zVJnenaD3U8) (AWS re:Invent 2019 presentation)