AWS Landing Zone - Account Vending Machine

Solution Overview
AWS Landing Zone is a solution that helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices. This solution can help save time by automating the setup of an environment for running secure and scalable workloads while implementing an initial security baseline through the creation of core accounts and resources. It also provides a baseline environment to get started with a multi-account architecture, identity and access management, governance, data security, network design and logging.

The Account Vending Machine (AVM) is a key component of AWS Landing Zone. AWS Landing Zone leverages AWS Service Catalog to grant administrators permissions to create and manage AWS Landing Zone products, and to grant end users permissions to launch and manage AVM products. The AVM uses launch constraints to allow end users to create new accounts without requiring account administrator permissions.
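
The launch-constraint mechanism described above, as an added CloudFormation sketch (not taken from the AWS Landing Zone templates). The parameter, role and policy names are hypothetical, and the launch role's permissions are an assumed minimum for a CloudFormation-backed product; a real AVM product needs whatever its template provisions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added illustration of a Service Catalog launch constraint
Parameters:
  PortfolioId: {Type: String}      # placeholder: portfolio holding the AVM product
  ProductId: {Type: String}        # placeholder: the AVM product
  EndUserRoleArn: {Type: String}   # placeholder: role used by people who request accounts
Resources:
  # Role that Service Catalog assumes at launch time. Provisioning permissions
  # live here, not on the end user.
  AvmLaunchRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: servicecatalog.amazonaws.com}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: avm-launch   # hypothetical name
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow      # assumed minimum to launch a stack-backed product
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:UpdateStack
                  - cloudformation:DeleteStack
                  - cloudformation:DescribeStacks
                  - cloudformation:DescribeStackEvents
                  - cloudformation:GetTemplateSummary
                  - cloudformation:ValidateTemplate
                  - s3:GetObject
                Resource: "*"      # scope down to known stacks and buckets in practice
  # Binds the product to the launch role: every launch runs as AvmLaunchRole.
  AvmLaunchConstraint:
    Type: AWS::ServiceCatalog::LaunchRoleConstraint
    Properties:
      PortfolioId: !Ref PortfolioId
      ProductId: !Ref ProductId
      RoleArn: !GetAtt AvmLaunchRole.Arn
  # End users only get access to the portfolio. Their own role needs Service
  # Catalog end-user permissions, not account administrator permissions.
  EndUserAccess:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref PortfolioId
      PrincipalARN: !Ref EndUserRoleArn
      PrincipalType: IAM
```

When reviewing a setup like this, check that the launch role's trust policy names only `servicecatalog.amazonaws.com` and that end-user roles cannot pass or assume the launch role directly.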

Goals & Objectives

This lab is designed to deploy a new AWS Account and pre-configured environment with the Account Vending Machine.

Your objective is to deploy an AWS Account into an Organizational Unit configured with security guardrails.

In this lab you will experience:
  • Account Creation with Service Catalog
  • Using AWS Organizations to establish guardrails
  • Automated VPC Configuration and Deployment

Hardware & Software

Amazon Web Services
  • CloudTrail
  • CloudFormation
  • Service Catalog
  • Config
  • Organizations
  • S3
  • Lambda
  • Step Functions