November AWS LZA Community of Practice Meeting Recap: Feature Requests, LZA 1.10, and Network Configurations

Estimated reading time: 4 minutes

The November AWS Landing Zone Accelerator (LZA) Community of Practice meeting brought together institutions to discuss feature requests, recent updates, and share implementation experiences. Here's a summary of the key discussions:

Feature Request Process

The meeting kicked off with a discussion about streamlining features and documentation requests. Community members raised several important questions about the process:

• File upload capabilities for request submissions
• Integration with support ticket systems
• Visibility of community-submitted requests

Internet2 is working with AWS to create the intake form and process for feature requests. More information is soon to come.

LZA 1.10 Release and Updates

A significant portion of the meeting focused on the recent release of AWS LZA 1.10. According to the AWS LZA Github release page, key new features include

“...the opportunity for new installations to leverage AWS CodeConnections to use GitHub, GitLab, or Bitbucket for storing the LZA configuration files. This supplements existing options including AWS CodeCommit and Amazon S3 to provide even more flexibility when integrating LZA operations into existing workflows.”

For those interested in staying updated with LZA releases, community members shared two helpful approaches:

1. Following releases directly on GitHub using custom "watch" settings
2. Subscribing to the releases RSS feed at: https://github.com/awslabs/landing-zone-accelerator-on-aws/releases.atom

Community Implementation Insights

Several institutions shared their experiences and current projects:

Network Configuration Approaches

A poll during the meeting revealed diverse approaches to core networking:

• Several institutions, including Tufts University and University of Colorado Boulder, implement networking through LZA
• Others opt for Terraform-based solutions
• One participant noted that LZA effectively handles their entire network configuration, including network firewalls in ingress and inspection VPCs

Security and Compliance

The University of Colorado Boulder shared their work on tuning Security Hub rules, particularly focusing on NIST 800-171 compliance.

Hybrid Approaches

Multiple institutions reported using a mix of LZA and Terraform, choosing the best tool for specific needs:

• Tufts University recently upgraded to v1.9 and is training team members on the platform
• Some institutions use LZA for core infrastructure while managing other components through Terraform

Cost Optimization

An important discussion emerged around optimizing costs for sample configurations:

• Community members shared experiences running test environments for approximately $100/month
• There was interest in developing a minimum configuration template
• AWS expressed willingness to work on more cost-effective sample configurations

Conclusion

The November AWS LZA Community of Practice meeting highlighted significant developments, particularly the release of LZA 1.10 with its enhanced repository integration options through AWS CodeConnections which allows integration into third party repositories like Github and Gitlab. Community members shared valuable insights on diverse implementation approaches, from Tufts University's successful v1.9 upgrade to University of Colorado Boulder's work on Security Hub rules for NIST 800-171 compliance, demonstrating the platform's flexibility across various hybrid implementations.

Be sure to check out the other blog posts we've written. As always, feel free to send any feedback to tmanik[at]internet2[dot]edu.