AWS Architecture Blog
Category: AWS Control Tower
How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform
Zurich Insurance Group is a leading multi-line global insurer operating in more than 200 territories. Headquartered in Zurich, Switzerland, their main business is life and property and casualty (P&C) insurance. In 2022, Zurich began a multi-year program to accelerate their digital transformation and innovation through migration of 1,000 workloads to AWS, including core insurance […]
Running hybrid Active Directory service with AWS Managed Microsoft Active Directory
Enterprise customers often need to architect a hybrid Active Directory solution to support running applications in their existing on-premises corporate data centers and the AWS cloud. There are many reasons for this, such as maintaining integration with on-premises legacy applications, keeping control of infrastructure resources, and meeting specific industry compliance requirements. To extend […]
Deploy consistent DNS with AWS Service Catalog and AWS Control Tower customizations
Many organizations need to connect their on-premises data centers, remote sites, and cloud resources. A hybrid connectivity approach connects these different environments. Customers with a hybrid connectivity network need additional infrastructure and configuration for private DNS resolution to work consistently across the network. It is a challenge to build this type of DNS infrastructure for […]
Field Notes: Clear Unused AWS SSO Mappings Automatically During AWS Control Tower Upgrades
Increasingly, organizations are using AWS Control Tower to manage their multiple accounts as well as an external third-party identity source for their federation needs. Cloud architects who use these external identity sources needed an automated way to clear the unused maps created by AWS Control Tower landing zone as part of the launch, or during […]
Field Notes: Extending the Baseline in AWS Control Tower to Accelerate the Transition from AWS Landing Zone
Caution: The solution covered in this blog post works on AWS Landing Zone 2.4.5 and lower, and AWS Control Tower 2.9 and lower. To use it in higher versions, you need to use a separate IAM password policy template for IamPasswordPolicy baseline and change the deployment target to a management account for the EnableNotifications baseline […]
Field Notes: Perform Automations in Ungoverned Regions During Account Launch Using AWS Control Tower Lifecycle Events
This post was co-authored by Amit Kumar, Partner Solutions Architect at AWS; Pavan Kumar Alladi, Senior Cloud Architect at Tech Mahindra; and Thooyavan Arumugam, Senior Cloud Architect at Tech Mahindra. Organizations use AWS Control Tower to set up and govern secure, multi-account AWS environments. Frequently, enterprises with a global presence want to use AWS Control […]
Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining
In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]
Designing a Successful Pilot Phase for Your Cloud Migration
Pilot phases, or pilots, as we will call them from now on, should be conducted to test and find the positive and negative aspects of a particular use case, design pattern, or application migration approach. They allow you to validate the foundation of your architecture (for example, with a landing zone governed by AWS Control […]
Issues to Avoid When Implementing Serverless Architecture with AWS Lambda
There are lots of articles and advice on using AWS Lambda. I’d like to show you how to avoid some common issues so you can build the most effective architecture. Technologies emerge and become outdated quickly. So, solutions that may look like the right solution, otherwise known as anti-patterns, can prevent you from building a cost-optimized, […]
Fast and Secure Account Governance with Customizations for AWS Control Tower
Organizations around the world value a secure, well-architected AWS environment that provides a strong foundation for their cloud operations. They seek a multi-account strategy that delivers operational excellence, security, reliability, performance, and cost optimization of their AWS resources now and into the future. AWS Control Tower delivers on this multi-account strategy by orchestrating various AWS […]