Landing Zone deployment using Terraform
A safeINIT session at the AWS Romania Getting Started Week 2022. Day 5: deploying an AWS Landing Zone with Terraform.
About this talk
A multi-account AWS foundation, deployed as code
An AWS Landing Zone is the multi-account, secure-by-default foundation that production AWS sits on top of. This Day 5 session of AWS Romania Getting Started Week walks through deploying that foundation with Terraform: AWS Organizations, account separation, baseline guardrails, and the IAM and logging setup an audit can stand on.
The session is aimed at engineers and architects starting their first AWS environment or restructuring an existing one.
Key takeaways
A working Landing Zone built from code, not click-ops.
Account architecture
- AWS Organizations and the multi-account model
- Account separation: management, security, log archive, workloads
- Service Control Policies as guardrails
Deployment with Terraform
- Terraform module structure for a Landing Zone
- State management across accounts
- IAM, CloudTrail, and Config baseline as code
Bring this kind of work to your AWS environment.
If something here lined up with what you're building, the next step is a working call with the team that delivered it.