Tech Reformers AWS Account QuickStart enables a landing zone with AWS Control Tower, designed to help organizations deploy a cloud foundation based on the pillars of the AWS Well-Architected Framework. Control Tower creates a multi-account architecture with best practices for security and cost management. This service is appropriate for both new and existing AWS customers who want such an architecture.
- Accelerate deploying AWS Control Tower landing zone using best practices.
- Onboard AWS accounts for teams and business units at scale within your organization quickly and safely.
- With master account activation from Tech Reformers, the service includes CloudCheckr for visibility, insights, and automation across your multi-cloud infrastructure via a unified view.
Overview
Tech Reformers Account QuickStart enables a secure foundation in the cloud by deploying AWS Control Tower.
The following deliverables are part of this engagement:
Plan
- Project kick-off meeting
- AWS Control Tower design and discovery workshop
- Set project goals and objectives.
- Review the AWS Control Tower prerequisites required for deployment.
- Build a backlog of tasks for the project.
- Define the AWS Control Tower use cases.
Design
- Establish a new management account with AWS Organizations and an AWS Control Tower structure of organizational units (OUs) to establish baselines across all AWS accounts.
- Establish landing zone settings: regions, configurations, access, logging, and encryption.
- Plan authentication and authorization (Identity provider, logging, encryption).
- Plan security controls (NIST 800-53 Rev 5, CIS AWS Benchmarks 1.4, PCI DSS version 3.2.1).
- Design a model single-account and single-VPC AWS environment.
- Design AWS networking components, including VPC definitions, subnets, security groups, and transit gateways. Plan IP addressing strategy for the organization.
- Plan tagging strategy.
- Plan centralized billing.
- Plan connectivity to AWS with VPN or Direct Connect, if required.
- Develop a detailed architecture design document.
Configure
- Configuration of the landing zone, including AWS best practices in AWS Control Tower.
- Configure Identity and Access Management and, if required, SSO.
- Configure service control policies (SCPs).
- Implement baseline security controls for logging and auditing.
- Implement Account Factory configuration based on design.
- In AWS Organizations, set up and configure Artifact, AWS Backup, AWS IAM Identity Center, AWS Trusted Advisor, CloudTrail, Config, Resource Access Manager, and Systems Manager.
- Implement a tagging strategy as designed for billing and administrative functionality.
- Configure CloudCheckr for centralized billing and monitoring of AWS Well-Architected Framework pillars.
- Develop final as-built documentation.
How to get Tech Reformers Account QuickStart
Connect on AWS Marketplace
Contact Tech Reformers to discuss.