Skip to content

Landing Zone Accelerator on AWS⚓︎

The Landing Zone Accelerator on AWS (LZA) is architected to align with AWS best practices and in conformance with multiple, global compliance frameworks. We recommend customers deploy AWS Control Tower as the foundational landing zone and enhance their landing zone capabilities with Landing Zone Accelerator. These complementary capabilities provides a comprehensive low-code solution across 35+ AWS services to manage and govern a multi-account environment built to support customers with highly-regulated workloads and complex compliance requirements. AWS Control Tower and Landing Zone Accelerator help you establish platform readiness with security, compliance, and operational capabilities.

Landing Zone Accelerator is provided as an open-source project that is built using the AWS Cloud Development Kit (CDK). You install directly into your environment to get full access to the infrastructure as code (IaC) solution. Through a simplified set of configuration files, you are able to configure additional functionality, controls and security services (eg. AWS Managed Config Rules, and AWS Security Hub), manage your foundational networking topology (eg. VPCs, Transit Gateways, and Network Firewall), and generate additional workload accounts using the AWS Control Tower Account Factory.

There are no additional charges or upfront commitments required to use Landing Zone Accelerator on AWS. You pay only for AWS services enabled in order to set up your platform and operate your controls. This solution can also support non-standard AWS partitions, including AWS GovCloud (US), and the US Secret and Top Secret regions.

For an overview and solution deployment guide, please visit Landing Zone Accelerator on AWS

Important

This solution will not, by itself, make you compliant. It provides the foundational infrastructure from which additional complementary solutions can be integrated. The information contained in this solution implementation guide is not exhaustive. You must be review, evaluate, assess, and approve the solution in compliance with your organization’s particular security features, tools, and configurations. It is the sole responsibility of you and your organization to determine which regulatory requirements are applicable and to ensure that you comply with all requirements. Although this solution discusses both the technical and administrative requirements, this solution does not help you comply with the non-technical administrative requirements.

Anonymized data collection

This solution collects anonymized operational metrics to help AWS improve the quality of features of the solution. For more information, including how to disable this capability, please see the implementation guide.