AWS Landing Zone

AWS Landing Zone

Deploy a secured, multi-account environment that is ready to onboard your applications

Your AWS Organization is managed using Infrastructure as Code (IaC)We use Organization Formation to manage your multi-account environment including the guardrails to protect your AWS accounts.
The code is stored on GitYou can choose your own Git provider to store the code which is responsible for managing your landing zone.
CloudFormation & CDK StacksThe landing zone contains a dozen of pre-defined stacks which make use of AWS CloudFormation and AWS CDK.

This gives you the flexibility to expand further quickly.
Made with security in mindAccounts are separated based on lifecycle to mitigate the blast radius if your account gets breached.

To improve compliance we can enable AWS Security Hub, AWS GuardDuty, and AWS CloudTrail on the organizational level to protect all the member AWS accounts.
A high-level overview of our AWS Landing ZoneThis architecture has been deployed for multiple clients over the years and gives you a brief glimpse of what you can expect when we start to initialize the onboarding.

Set up your automated multi-account environment in days instead of weeks or months

Our AWS Landing Zone has proven that you can deploy on a new AWS Organization in days instead of weeks.

This means you can focus on building your application on your AWS accounts instead of managing and configuring its compliance.

Includes a pipeline to deploy your code

The AWS Landing Zone makes use of AWS CodePipeline to deploy the changes from Organization Formation.

Central user mangement

You’ll get the ability to centrally manage user access using AWS IAM Identity Center.

This makes onboarding your developers easy and secure.

Easily extendable

You can easily extend the Landing Zone with your own custom AWS CloudFormation or AWS CDK stacks.

Automatically bootstrap your AWS accounts

It comes bundled with a dozen of custom templates that we’ve built for you that we can bootstrap on your newly created AWS accounts to protect them on day 1.

What’s in the AWS Landing Zone?

Here you’ll find all the features and services that are deployed out of the box on the AWS accounts within the organization.


Infrastructure as Code
Centralized AWS account management
Centralized user management including SSO
Consolidated billing & Centralised budgets
OpenID integration with GitHub & Bitbucket
AWS CDK Bootstrap
Budget notifications


Service Control Policies (Region protection)
Centralized audit logging with AWS CloudTrail
Security guardrails with Amazon GuardDuty
Automatic security checks against best practices using AWS Security Hub
Automated password protection policy
Workload isolation

Ready to accelerate your migration to AWS?

We’ll help you to successfully initiate an automated landing zone platform for your Developers and Applications.