Configure Your Accounts with Landing Zone
caution
This guide hasn’t been updated in the past 6 months. If you find any inaccuracies, please share with us at feedback@gruntwork.io.
Overview
This guide will walk you through the process of configuring a production-grade AWS account structure, including how to manage multiple environments, users, permissions, and audit logging. We’ll also discuss how to implement a Landing Zone solution that lets you quickly spin up new AWS accounts that all implement a security baseline that enforces your company’s policies.
Sections
Feel free to read this guide from start to finish or skip around to whatever sections interest you.
1
Core Concepts
An overview of the core concepts you need to understand to set up an AWS account structure, including AWS Organizations, IAM Users, IAM Roles, IAM Groups, CloudTrail, and more.
2
Production-grade Design
An overview of how to configure a secure, scalable, highly available AWS account structure that you can rely on in production.
3
Deployment Walkthrough
A step-by-step guide to configuring a production-grade AWS account structure using the Gruntwork AWS Landing Zone solution, including how to manage it all with customizable security baselines defined in Terraform.
4
Next Steps
What to do once you’ve got your AWS account structure configured.