Moving to Cloud: the Landing Zone

By: Morten Jensen

In military terms a Landing Zone is an area where aircraft can land; in effect a base camp from where operations can extend.

AWS has for the last year or two used the term Landing Zone to convey an infrastructure foundation and security baseline on which applications and services can “land”. The applications inherit & adopt a set of shared services, integration and design patterns. The purpose of the Landing Zone is to establish an organisational baseline that supports its requirements for infrastructure and security and is rooted in “best practices”, which seek to balance business and security risks against innovation and value.

The foundation generally includes:

It is important to note building a full Landing Zone from scratch is no easy feat. It’s therefore important to start off in small bites and evolve the Landing Zone over time. A suggested priority order is this:

The Landing Zone security baseline should also include considerations and tools like:

Establishing a good Landing Zone foundation is important in order to avoid sprawl, inconsistency and security concerns when it comes to migrating or rolling out services in AWS. Below is a list of relevant Landing Zone resources for getting started on the Landing Zone journey. The list includes AWS announcements and links to predefined templates that are a good starting point.

Resources: