* * *

[[_TOC_]]

* * *

Content
=======

* * *

Mission Statement
=================

This Delivery Kit provides guidance on how to deploy, extend and customize the publicly available AWS Landing Zone solution. AWS Landing Zone accelerates customer adoption of the cloud by providing a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services. AWS Landing Zone provides prescriptive guidance and best practice templates that a customer can deploy into their initial AWS environment, with confidence that it will grow to meet future business needs, including security and regulatory compliance requirements.

This Delivery Kit also accelerates customer adoption of the cloud by providing a prescriptive set of instructions for migrating virtual machines from an on-premises virtual environment to VMware on AWS. With VMware Cloud on AWS, you can evacuate data centers, create disaster recovery mechanisms, and accelerate application modernization.

Objectives
==========

* Establish a Landing Zone that extends the customer's on-prem hosting capability, enabling the migration of existing applications and the development of new applications in AWS.
* Establish a VMware on AWS environment so that customers can realize the benefits listed below by migrating their virtual workloads, and can increase performance and innovation by refactoring applications. The key value proposition is to set up a seamless hybrid environment by using the same VMware tools that were used to manage on-premises workloads.


Outcomes
========

**Landing Zone**

* Business
  * Reduce time required to get started with AWS by leveraging a fully automated and secure solution incorporating AWS best practices
  * Increased agility - Ability to enforce account level controls and spin up new environments for end users on-demand
  * Governance - Ability to monitor and control all account activities (including cloud consumption) from a central account
* Technical
  * Configured customer Landing Zone leveraging AWS best practices built on top of AWS Control Tower
  * AWS accounts with security baseline configured
  * Core OU and minimum of 4 AWS "core" accounts
  * Self-service provisioning of resources
  * Cross-account IAM roles
  * Centralized logging
  * Implementation of Managed AD
  * AWS Service Catalog populated with "account vending machine" and VPC products
  * AWS Config and AWS CloudTrail enabled and configured by default across all accounts
  * SSM Parameter Store populated with deployment parameters
  * Deletion of default VPCs in new AWS accounts
  * Standardized VPC patterns for new VPC launches
  * Single sign-on with AWS SSO or other Federation
  * Aggregation of notifications across all accounts

**VMware on AWS**

* Deliver cloud capacity by scaling infrastructure on demand in minutes
* Provide proactive disaster avoidance with VMware Cloud on AWS and VMware Site Recovery
* Set up a VMware environment on VMware Cloud on AWS that is managed with the same tools and operations as those used on-premises

**Attachments:**

* [Design a Network on AWS Workshop.pptx](/.attachments/DK-LandingZone-ControlTower/Design%20a%20Network%20on%20AWS%20Workshop.pptx)
* [Multi Account Setup for MRP v1.pdf](/.attachments/DK-LandingZone-ControlTower/Multi%20Account%20Setup%20for%20MRP%20v1.pdf)