Introducing Programmable AWS Landing Zone in Terraform Module

Hi all! In December OTUS launches a new course, Cloud Solution Architecture. Ahead of its start, we are sharing a translation of an interesting article on the topic.


AWS Landing Zone is a solution that helps customers quickly set up a secure AWS multi-account environment based on best practices.

Over more than five years, our team at Mitoc Group has worked tirelessly to help large organizations succeed in digital transformation and build or migrate their digital footprint to the AWS Cloud. In other words, to quote our friends at AWS, "Our customers are reinventing themselves with AWS." Reinventing and simplifying the mechanics on the customers' behalf is an endless effort, and AWS does a great job of solving complex problems with easy-to-learn solutions.

Figure: AWS Landing Zone (source)

What is AWS Landing Zone?

As the official description puts it:

AWS Landing Zone is a solution that helps customers set up a secure AWS multi-account environment faster based on AWS best practices. With so many options, setting up a multi-account environment can be time-consuming, involve setting up multiple accounts and services, and require a deep understanding of how AWS services work.

The AWS Landing Zone solution has greatly reduced the complexity, and improved the consistency, of the design patterns we deliver to different clients. On the other hand, our team had to re-implement some CloudFormation components as Terraform components in order to use them further for automation.

So we wondered: why not build the entire AWS Landing Zone solution in Terraform? Can we do it, and will it solve our customers' problems? Spoiler: we did, and it already does! 🙂

When should you not use AWS Landing Zone?

If you are dealing with ordinary cloud services and resources within one or two AWS accounts, these steps may be overkill. Everyone else can keep reading 🙂

What should be considered before starting work?

Many of the large organizations we have worked with already have some kind of cloud strategy in place. Companies struggle to adopt cloud services successfully without a clear vision and articulated expectations. Please take the time to work out your strategy and how AWS fits into it.

When defining a strategy, successful AWS Landing Zone customers actively focus on the following:

  • Automation is not optional. Cloud-native automation is preferred.
  • Teams consistently use the same mechanics and the same set of tools to provision cloud resources. Terraform is preferred.
  • The most productive users of cloud services can build reusable processes and expose them as reusable services, rather than just reusable code. A serverless architecture is preferred.

Introducing the Terraform Module for AWS Landing Zone

After several months of hard work, I am pleased to present the Terraform Module for AWS Landing Zone. The source is hosted on GitHub and stable releases are published on the Terraform Module Registry.

To get started, just add the following to your main.tf:

module "landing_zone" {
  source     = "TerraHubCorp/landing-zone/aws"   # module published on the Terraform Registry
  version    = "0.0.6"                           # pin an exact release; do not leave it floating
  root_path  = "${path.module}"                  # directory of this configuration
  account_id = "${var.account_id}"               # declared in variables.tf
  region     = "${var.region}"
  landing_zone_components = "${var.landing_zone_components}"   # map of component -> .tfvars location
}

Note: be sure to include variables.tf as well, and whatever you need from outputs.tf.

To make this easier to follow, we have added default values to terraform.tfvars:

account_id = "123456789012"
region = "us-east-1"
landing_zone_components = {
  landing_zone_pipeline_s3_bucket = "s3://terraform-aws-landing-zone/mycompany/landing_zone_pipeline_s3_bucket/default.tfvars"
  [...]
}

This means that to use this Terraform module you will need to:

  1. Change the account_id and region values to your own, matching your AWS Organization;
  2. Change the landing_zone_components values to the ones that match your AWS Landing Zone use case;
  3. Change s3://terraform-aws-landing-zone/mycompany to your own S3 bucket and key prefix where you will store the .tfvars files (or to an absolute path to the .tfvars files in local storage). Keep write access to that bucket tightly restricted: whoever can edit those .tfvars files decides what the landing zone deploys.

This module may have dozens, hundreds or thousands of deployable components, but not all of them need to be, or will be, deployed. At runtime, components that are not in the landing_zone_components map are simply ignored.
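As an added example (not part of the original article and not the module's own code), the following Python script performs a pre-flight check on the inputs described above before terraform apply. It parses the small HCL subset used in terraform.tfvars, classifies each component source as an s3:// URI or an absolute local path (the two forms the article allows), and reports inputs that would otherwise fail late or silently: a malformed account_id or region, an empty component map (which deploys nothing), a source that is not a .tfvars file, and a .tfvars hosted in a bucket other than the one you approve. The sample tfvars text, the component name example_component with its relative path, and the allowed-bucket rule are assumptions made for this example; the module itself is not invoked.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample input, modelled on the terraform.tfvars shown in the article.
# landing_zone_pipeline_s3_bucket is the component named on the page; example_component
# and its relative path are made up here to show an entry the check rejects.
SAMPLE_TFVARS = """
account_id = "123456789012"
region = "us-east-1"
landing_zone_components = {
  landing_zone_pipeline_s3_bucket = "s3://terraform-aws-landing-zone/mycompany/landing_zone_pipeline_s3_bucket/default.tfvars"
  example_component = "./relative/path/default.tfvars"
}
"""

_ASSIGN = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
_ACCOUNT_ID = re.compile(r"^\d{12}$")
_REGION = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d$")  # e.g. us-east-1, eu-west-2, us-gov-west-1


def parse_tfvars(text):
    """Parse the HCL subset used in terraform.tfvars above: top-level
    `key = "string"` assignments and one level of `key = { ... }` maps of
    string values. Deliberately not a general HCL parser."""
    result = {}
    current_map = None  # name of the map we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "[...]":  # skip blanks and the article's elision marker
            continue
        if line == "}":
            current_map = None
            continue
        m = _ASSIGN.match(line)
        if not m:
            raise ValueError(f"unparsable line: {raw!r}")
        key, value = m.group(1), m.group(2).strip()
        if value == "{":
            if current_map is not None:
                raise ValueError("nested maps are not supported")
            result[key] = {}
            current_map = key
            continue
        if len(value) < 2 or value[0] != '"' or value[-1] != '"':
            raise ValueError(f"expected a quoted string for {key}: {value!r}")
        target = result if current_map is None else result[current_map]
        target[key] = value[1:-1]
    if current_map is not None:
        raise ValueError(f"unterminated map {current_map}")
    return result


def classify_source(value):
    """Return ("s3", bucket, key) for an s3:// URI or ("local", path) for an
    absolute local path. Anything else (for example a relative path) is rejected."""
    if value.startswith("s3://"):
        parsed = urlparse(value)
        bucket, key = parsed.netloc, parsed.path.lstrip("/")
        if not bucket or not key:
            raise ValueError(f"malformed s3 URI: {value}")
        return ("s3", bucket, key)
    if os.path.isabs(value):
        return ("local", value)
    raise ValueError(f"must be an s3:// URI or an absolute path: {value}")


def validate_inputs(cfg, allowed_bucket=None):
    """Return a list of human-readable problems; an empty list means the inputs look sane.
    allowed_bucket (an assumption of this example) pins every S3-hosted .tfvars
    to one bucket whose write access you control."""
    issues = []
    if not _ACCOUNT_ID.match(cfg.get("account_id", "")):
        issues.append("account_id must be a 12-digit AWS account ID")
    if not _REGION.match(cfg.get("region", "")):
        issues.append("region does not look like an AWS region name")
    components = cfg.get("landing_zone_components", {})
    if not components:
        issues.append("landing_zone_components is empty: nothing would be deployed")
    for name, src in components.items():
        try:
            kind, *parts = classify_source(src)
        except ValueError as exc:
            issues.append(f"{name}: {exc}")
            continue
        if not src.endswith(".tfvars"):
            issues.append(f"{name}: source does not point at a .tfvars file")
        if kind == "s3" and allowed_bucket and parts[0] != allowed_bucket:
            issues.append(f"{name}: bucket {parts[0]!r} is not the approved bucket {allowed_bucket!r}")
    return issues


if __name__ == "__main__":
    cfg = parse_tfvars(SAMPLE_TFVARS)
    for problem in validate_inputs(cfg, allowed_bucket="terraform-aws-landing-zone"):
        print("PROBLEM:", problem)
```

The approved-bucket check is the security-relevant one: the .tfvars files are effectively part of the deployment's code, so the module should only ever be pointed at a bucket you own, with write access limited to the pipeline or people allowed to change the landing zone. The parser is intentionally minimal; for real HCL with nested blocks, heredocs or expressions, use a proper HCL library rather than extending it.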

Conclusion

We are very excited and proud to share the fruits of our efforts to help customers build cloud-native automation. The Terraform Module for AWS Landing Zone is one more solution that helps organizations set up a secure multi-account AWS environment faster, based on AWS best practices. We are well aware that AWS is growing insanely fast, and we are committed to evolving the Terraform solution just as rapidly so that it covers all the basics and integrates with other proven AWS solutions.

That's all. We look forward to your comments and invite you to a free webinar in which we will study the architecture design of the Cloud Landing Zone domain and consider the architectural patterns of its main domains.

Source: habr.com
