Maximize your security by adopting cloud best practices through automation. StackZone implements security monitoring and automatic remediations in hours to ensure your workload is protected. A security incident will cost thousands, and implementing an infrastructure security project demands weeks of consultancy, which means thousands too. Implementing StackZone will demand only hours and a fraction of the cost.
As part of the StackZone implementation, and as set by cloud best practices, StackZone deploys a multi-account landing zone, improving the organization's cloud security and management capabilities.
StackZone Multiaccount LandingZone
The Core accounts deployed by StackZone are:
Management Account: It administers the organization, access through Single Sign-On, and the Organizational Units of the organization.
Log Archive Account: This account acts as an audit account, where all AWS CloudTrail, AWS Config, Amazon GuardDuty and Elastic Load Balancing (ELB) logs can be forwarded for better analysis.
Security Account: This account will host all the security services (Amazon Macie, AWS IAM Access Analyzer, Amazon GuardDuty, AWS Config) in order for you to aggregate and visualize the state of your cloud organization.
Networking Account: This account will act as a central hub for all your external/internal connectivity. By adopting AWS Transit Gateway, you will have control of how your services can talk to each other securely through the AWS network.
Shared Services: This account will help you with services that are commonly shared across your organization. Enabling Amazon Simple Storage Service (Amazon S3) Antivirus, EC2 Image Builder or Centralized Logging will help you reduce the cost of running the same services in multiple accounts.
Service Control Policies: They are organization policies used to manage permissions in your organization. They offer central control over the maximum available permissions for all accounts in your organization and ensure the accounts stay within the organization's access control guidelines. Defining which AWS Regions your workload can be deployed in and/or minimizing the root user privileges are just some examples of what you can do by just activating StackZone's Service Control Policies.
Tag Policies: By implementing Tag Policies, StackZone can identify whether your resources are created without the defined tags. Combined with the StackZone Tagging SCP Guardrail, automation ensures no EC2 instances and their EBS volumes are deployed without the defined tag, standardizing tags across all the organization's accounts.
StackZone Baseline services are AWS services configured and orchestrated by our automation. This will ensure all your accounts are monitored, aligned with security best practices, and simply and centrally managed.
StackZone Baseline Services
Monitor your instances and AWS service configuration with our 170+ security-related Config rules.
Instantly resolve noncompliant resources through automation with our 50+ security-related remediation rules.
Ensure your information is securely backed up by simply configuring AWS Backup.
Get alerts on security events through StackZone's 30+ security-related CloudWatch and billing & usage alerts.
Deploy secure and compliant infrastructure using our Service Catalog portfolios as well as auto-tagging and/or auto-patching features.
All this can be done with just a couple of clicks on your StackZone console, in minutes rather than days of implementation.