Skip to content

PRODUCTS

AWS Organizations Landing Zone

A Landing Zone (LZ) is a solution designed for companies looking to deploy and manage multiple AWS accounts in a secure, scalable and best practice compliant manner. BigCheese offers a complete package that includes organizational structures, security policies and tools to optimize management and development in the cloud.

Contract

Risk Mitigation + Safety

BigCheese ensures risk mitigation and security in its Organizations Landing Zone solution through strict controls and alignment with AWS best practices. It implements automated audits and scalable design to comply with regulations such as GDPR and overcome technical limitations.

Contract
01

Guaranteed Regulatory Compliance:

Automatic audits and alignment with regulations such as GDPR or HIPAA.

02

Scalable and Adaptable Design:

Solutions that overcome technical limitations and accommodate business growth.

03

Use of AWS Native Services:

Reduction of risks due to external dependencies through reliable tools.

04

Centralized Governance:

Policies such as SCPs and CloudTrail for full control of AWS accounts.

05

Secure Account Access:

Cross IAM roles and permissions logging to ensure customer data protection.

06

Vulnerability Minimization:

MFA configuration and minimum privileges throughout the organization.

07

Continuous Protection:

Proactive monitoring and adjustments to address emerging threats.

With AWS Organizations Landing Zone, BigCheese invites you to “Think Big, Start Small”: imagine an organization with full control over its AWS infrastructure, ready to grow securely, starting with a solid, scalable foundation.

Basic

$1.000

Ideal for small or early stage AWS adopters who need a solid foundation with basic governance.

Configuration of AWS accounts with basic policies (SCPs).

Implementation of CloudTrail for audits.

MFA activation for key users.

Basic documentation for operational management.

Benefits:

  • Initial control of the infrastructure.
  • Basic security enabled from day one.
  • Low cost and fast implementation.
Contract

Recommended

$2.500

Designed for growing companies looking for a complete and scalable solution.

Everything included in the Basic package plus:

Advanced configuration of organizational policies (SCPs).

Cross-access IAM roles with minimum privileges.

Connectivity between environments (production, development, test).

Regulatory compliance aligned with standards such as GDPR and HIPAA.

Initial training for the internal team.

Benefits:

  • Centralized and secure management of multiple AWS accounts.
  • Scalability to support future growth.
  • Guaranteed regulatory compliance.
Contract

Premium

$10.000

Customized solution for large enterprises with advanced security, governance and scalability needs.

Everything in the Recommended package.

Custom design and implementation of complex architectures.

Integration of advanced tools such as AWS Control Tower and AWS Config.

24/7 evolutionary maintenance and technical support.

Continuous security monitoring and periodic audits.

Dynamic adjustments and updates according to future needs.

Benefits:

  • Optimized infrastructure for large and complex organizations.
  • Maximum safety and operational resilience.
  • Continuous support to adapt to a constantly changing environment.
Contract

Step by Step

The implementation of a Landing Zone follows a structured 6-step process, ensuring an efficient deployment aligned with the client’s objectives:

1. Project Analysis and Design

  • The current state of the infrastructure is reviewed.
  • The objectives and scope of the Landing Zone are jointly defined.
  • The solution is designed and the implementation is validated, documenting all key aspects.

2. Landing Zone implementation

  • The Landing Zone components are deployed according to the scope and definitions taken at the design stage.
  • The necessary organizational structures, security and connectivity policies are implemented.

3. Onboarding to Existing Workloads

  • If workloads or previous accounts exist, the integration process to the new Landing Zone is performed.
  • This step ensures that all resources fall under the new governance and comply with best practices.

4. Documentation and Handover

  • Training sessions and knowledge transfer to the client’s technical and safety team are conducted.
  • Deployment guides and detailed documentation based on best practices are provided.

5. Close

  • Optionally, support for evolutionary maintenance is offered, ensuring that the Landing Zone can adapt to future needs.
  • At the end, we move on to the feedback stage among the teams involved for continuous improvement.

6. Customer Feedback

  • A standard customer feedback collection process is implemented.
  • Retrospective meetings are scheduled with the client to evaluate results and propose improvements.
  • A satisfaction survey is sent to collect valuable insights.
Check Technical Documentation

FAQs

Frequently Asked Questions

What is a “Landing Zone”?

A Landing Zone is a solution that orchestrates and manages multiple AWS accounts under a secure, scalable framework aligned with best practices. It provides a structured foundation for deploying and operating workloads in a uniform manner, optimizing security, access and governance in the cloud.

What is included in the BigCheese package?

The BigCheese Organizations Landing Zone package includes:

  • Configuration of accounts and organizational structures (OUs).
  • Customized security policies and continuous monitoring.
  • Connectivity architecture between accounts and external resources.
  • Implementation of AWS Control Tower, AWS Config and CloudFormation.
  • Training and documentation to ensure knowledge transfer.
How does the solution ensure regulatory compliance?

The solution is based on the AWS Well-Architected Framework, incorporating tools such as AWS Config to perform automatic audits. This ensures that configurations comply with regulations such as GDPR or HIPAA, as well as enabling rapid adaptations to regulatory changes.

What AWS tools are used in the implementation?

The main tools used include:

  • AWS Organizations: for centralized account management.
  • Service Control Policies (SCPs): to apply restrictions at the organizational level.
  • AWS Control Tower: to configure and govern the Landing Zone.
  • AWS Config: for automated audits and regulatory compliance.
  • AWS CloudFormation: for automated deployments.
How long does it take to implement a Landing Zone?

The average implementation time varies depending on the complexity of the organization, but is generally completed in 4 to 8 weeks. This includes design, configuration, testing and training stages.

Do you require technical personnel specialized in AWS?

Not necessarily. BigCheese provides AWS certified consultants to handle the entire process. However, it is advisable to have an internal team for ongoing management after implementation.

What if I already have a previous configuration on AWS?

BigCheese evaluates your current setup to identify necessary adjustments and ensure a smooth transition to a Landing Zone, reusing existing resources whenever possible.

What are the costs associated with implementation?

Costs depend on the scale and complexity of the project, as well as the AWS services used. BigCheese provides a detailed cost breakdown in the initial proposal, ensuring transparency and customization.

How are future updates or changes handled?

The Landing Zone design allows for easy adjustments to adapt to new requirements. In addition, tools such as AWS Control Tower and CloudFormation are incorporated, which facilitate long-term change management.

What support does BigCheese offer after implementation?

BigCheese offers ongoing support, including:

  • Security monitoring and maintenance.
  • Technical assistance to resolve incidents.
  • Configuration updates to adapt to regulatory or business changes.
  • Regular retrospectives to optimize the use of AWS.

Customers

They trust us

Related cases