The Amazon Onboarding solution, known as the Landing Zone Accelerator (LZA), is designed to streamline the establishment of a secure cloud foundation on Amazon Web Services (AWS). This solution is particularly beneficial for organizations managing highly regulated workloads and intricate compliance requirements, enabling them to effectively oversee and govern their multi-account environments. The LZA accommodates customers at various stages of their cloud journey, from those just starting out to enterprises fully embracing cloud integration. Its adaptable design allows organizations to modify their landing zone to meet specific needs based on their maturity levels.
This post offers technical guidance for UK organizations aiming to implement their landing zone in accordance with the UK National Cyber Security Centre (NCSC) recommendations through the LZA. However, to truly harness the potential of the cloud, organizations should adopt a comprehensive approach to the changes necessary for success. In this initial section, we outline key considerations for organizations looking to expand their cloud adoption. For those moving past initial experimentation, we highly recommend reviewing the AWS Cloud Adoption Framework (AWS CAF); this resource will aid organizations in understanding the operational changes required for effective cloud utilization.
Best Practices for Scaling Cloud Adoption with the Landing Zone Accelerator on AWS
Assemble the Right Team
To ensure the effective construction and operation of the solution, it is essential for organizations to build a team with the right mix of expertise. If these capabilities are not available internally, support can be obtained through AWS Professional Services, particularly through their regulated landing zone offering, or with AWS Partners who specialize in LZA offerings. For organizations choosing to implement the solution with their in-house resources, we suggest the following skill sets:
Skillset | Small Organization | Medium Organization | Enterprise |
---|---|---|---|
Agile delivery lead | 0 | 0 | >=1 |
Product owner | 0 | 0 | >=1 |
Team technical lead | 0 | 1 | >=1 |
Security and identity engineer | 1 | 1 | >=1 |
Network engineer | 1 | 1 | >=1 |
DevOps | 1 | 1 | >=2 |
Clarify Your Objectives
Organizations implementing a landing zone to support workloads beyond minor experiments should clearly document their desired outcomes. Ideally, these goals should align with a broader business or cloud strategy that defines the anticipated business outcomes from cloud adoption. This clarity can unify disparate teams, facilitating consistent decision-making and ensuring that delivered value aligns with the organization’s mission. Outcomes should be connected to metrics that can demonstrate success, for instance:
- Delivery:
  - Decrease the time taken to onboard teams/developers to the cloud.
  - Shorten the duration for workload assurance.
- Reliability:
  - Enhance visibility into potential resilience weaknesses.
  - Mitigate resilience vulnerabilities.
  - Improve availability service level agreements (SLAs).
- Security:
  - Boost visibility into the compliance status of cloud resources.
  - Minimize the number of non-compliant resources.
  - Increase visibility for local administrators and central security teams regarding security events.
  - Shorten incident response resolution times.
- Operations:
  - Lower resource requirements for delivering core platforms within the organization.
  - Reduce inter-team dependencies.
  - Increase ownership and accountability.
Identify Value-Driven Workloads
It may seem obvious, but a landing zone devoid of workloads provides no actual value. Surprisingly often, organizations construct a foundation without understanding what they will be developing within it. The landing zone is intended to empower teams to deliver workloads more securely, reliably, and efficiently, alleviating burdens on delivery teams while assisting the organization in meeting its governance and compliance objectives.
After forming the team responsible for your cloud foundation, the following guidance can assist in implementing the solution.
Implementing the Landing Zone Accelerator on AWS for UK Public Sector Customers
With the right skills and objectives in alignment, UK public sector organizations can utilize the following guidance to implement the LZA solution and align their workloads with NCSC guidelines.
- Review Documentation and Architecture: Begin by thoroughly reviewing the LZA solution overview and operation guidance. Next, examine the standard configuration architecture to ensure it meets your organizational needs. The AWS LZA standard configuration helps UK customers align with NCSC’s guidance on secure cloud usage by deploying AWS architecture, security, and services with NCSC principles in mind. Customers can start with this configuration and tailor it to their specific organizational requirements.
- Follow Implementation Guidance: Adhere to the LZA guidance in the deployment section of the implementation guide. Upon completion of installation, the LZA will create breakglass users as per NCSC recommendations. Organizations should consider enabling multi-factor authentication (MFA) to safeguard these privileged accounts. In the LZA management account, follow AWS documentation to enable MFA for breakGlassUser01, breakGlassUser02, and the root user in the management account.
According to NCSC guidelines, alerting should also be set up to notify administrators when these accounts are utilized. To implement this, update the security-config.yaml with the provided guidance.
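The alerting requirement above, as an added example (not code from the LZA solution or the original post): a Python check over CloudTrail records that flags every use of the root user and the two break-glass users, and marks console logins made without MFA. The sample records are constructed, and the block does not reproduce the security-config.yaml change the post refers to.

```python
# Break-glass user names as given in the post; root is matched by identity type.
BREAK_GLASS_USERS = {"breakGlassUser01", "breakGlassUser02"}

def classify(record):
    """Return 'root', a break-glass user name, or None for one CloudTrail record."""
    ident = record.get("userIdentity") or {}
    if ident.get("type") == "Root":
        # Root records carry no userName. Skip actions an AWS service performed
        # on the account's behalf, which are not a person using root.
        if "invokedBy" in ident or record.get("eventType") == "AwsServiceEvent":
            return None
        return "root"
    if ident.get("type") == "IAMUser" and ident.get("userName") in BREAK_GLASS_USERS:
        return ident["userName"]
    return None

def find_privileged_use(records):
    """List every use of root or a break-glass user, flagging logins without MFA."""
    findings = []
    for rec in records:
        principal = classify(rec)
        if principal is None:
            continue
        # MFAUsed is only present on ConsoleLogin events.
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
        findings.append({
            "principal": principal,
            "event": rec.get("eventName"),
            "time": rec.get("eventTime"),
            "source_ip": rec.get("sourceIPAddress"),
            "no_mfa_login": rec.get("eventName") == "ConsoleLogin" and mfa != "Yes",
        })
    return findings

# Constructed sample records (not real log data); IPs are documentation ranges.
SAMPLE = [
    {"eventTime": "2024-01-10T09:00:00Z", "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "breakGlassUser01"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-10T09:05:00Z", "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-10T09:06:00Z", "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-10T09:07:00Z", "eventName": "CreateServiceLinkedRole", "eventType": "AwsServiceEvent",
     "userIdentity": {"type": "Root", "invokedBy": "AWS Internal"}},
    {"eventTime": "2024-01-10T09:08:00Z", "eventName": "AttachUserPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "breakGlassUser02"}},
]
```

Each finding is a candidate notification to administrators; the `no_mfa_login` flag separates a login that bypassed MFA from expected break-glass use.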
In conclusion, utilizing these strategies can streamline the onboarding process and ensure compliance with NCSC standards.