On September 3, 2024, the AWS Landing Zone Accelerator (LZA) Community of Practice gathered for its monthly meeting, bringing together representatives from various institutions and AWS experts. The session focused on providing a comprehensive introduction to LZA, its architecture, and best practices for implementation.

LZA 101: Understanding the Foundations

The meeting began with an informative LZA 101 presentation by Brian from the AWS LZA team. He introduced attendees to landing zones and their role in cloud adoption. Key takeaways include:

  1. Landing Zone Defined: A critical cloud foundation component that provides a framework for account provisioning and management, establishing a secure and compliant multi-account AWS environment.
  2. Cloud Foundation Alignment: The importance of aligning with the AWS Cloud Adoption Framework's Platform, Operations, and Security pillars.
  3. Historical Context: The evolution from customer-built systems to AWS-managed services like Control Tower.
  4. Differentiating landing zone and LZA: While a landing zone is the overall environment and structure for AWS account management, LZA is a specific tool for implementing and managing that environment.
  5. LZA Overview: An open-source solution accelerating the implementation of security controls and infrastructure foundation on AWS.
  6. Key Benefits: Well-Architected framework alignment, compliance documentation, and ability to programmatically implement and track AWS Organization-wide configuration changes.
  7. Architecture: Utilizes AWS CloudFormation, CodePipeline, and Cloud Development Kit (CDK) for deployment.

Q&A Insights: Real-world Implementation Concerns

The Q&A session provided valuable insights into the practical aspects of implementing LZA:

  • Configuration Management: The University of Idaho raised questions about best practices for editing YAML files, particularly for CMMC compliance. AWS experts recommended establishing a RACI matrix for effective management of people and processes.
  • Change Management: Internet2 asked where configuration should be managed. AWS said one way is to use internal code repositories (like GitHub) with actions to trigger the LZA deployment pipeline.
  • Testing Strategies: The importance of having separate test and production organizations for making changes was emphasized, with AWS experts noting that account boundaries alone are insufficient for containing organization-wide changes.
  • Third-party Integrations: While specific third-party tools weren't recalled, AWS highlighted the LZA account creation workflow available on GitHub as a valuable resource.

Looking Ahead: Roadmap and Community Engagement

The meeting concluded with important announcements and future plans:

  1. TechEx Check-in: Internet2 and Amazon have a session at the TechEx conference to talk about the effectiveness of these community gatherings. They are looking for members of the CoP who are attending the event to join the discussion.
  2. Next Meeting Preview: The October meeting will feature a roadmap discussion, requiring an NDA with AWS for participation. This session promises to provide exclusive insights into the future direction of LZA. If you wish to attend, please email bflynn@internet2.edu with confirmation that your institution has an NDA.

The September AWS LZA Community of Practice meeting successfully demystified Landing Zone Accelerator, providing attendees with a solid foundation for understanding the benefits of implementing this powerful tool. As institutions continue to navigate their cloud adoption journeys, the insights shared in this session will undoubtedly prove invaluable.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.