Deployment options for AWS GovCloud (US) workloads

We base the following options on amount of access type of workloads:

Option 1 - Deploy to new standard and AWS GovCloud (US) accounts. This is recommended for customers who are planning to host workloads in both standard and AWS GovCloud (US) Regions. Both Region types will have a Landing Zone Accelerator on AWS.
Option 2 - Deploy on new AWS GovCloud (US) accounts. This environment has access to both standard and AWS GovCloud (US) Regions. To create new AWS GovCloud (US) accounts, you can use the CreateGovCloudAccount API with Service Catalog to create new accounts in the standard Region and add these new accounts into the solution in the AWS GovCloud (US) Region. You only use the standard Region to vend new accounts; no workloads are present in the standard Region.
Option 3 - Deploy on existing AWS GovCloud (US) accounts. In this option, users have access to AWS GovCloud (US) only and can’t create their own AWS GovCloud (US) accounts. In this situation, AWS GovCloud (US) accounts are provided by third-party providers such as partners or resellers. If AWS Organizations is activated in the management account with administrative permissions, then you can deploy the solution.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Architecture

Option 1: Deploy to new standard and AWS GovCloud (US) accounts