Simple Cloud Management
Managing multi-environment, continually evolving, compliant, and secure cloud infrastructures is a huge challenge for every infrastructure team.
If you add the complexity of multidisciplinary teams managing different environments and deploying services and resources independently, it can become an uncontrollable situation really fast.
Losing control translates into security gaps, cost increases, inefficiency, and lack of adaptability. Not to mention how difficult it is to replace and retrain a team member leaving for a new opportunity.
Implementing an automatic and user-friendly cloud management platform minimizes the impact of all these factors, and doing it within cloud best practices ensures the results.
This is exactly what StackZone does: it simplifies your cloud management and governance experience through automation and by implementing cloud best practices.
As part of the StackZone implementation, and as set by cloud best practices, StackZone deploys a multi-account landing zone, improving the organization's cloud management and governance capabilities.
StackZone Multiaccount LandingZone
The Core accounts deployed by StackZone are:
Primary Account: It administers the organization, access through Single Sign-On, and the Organizational Units of the organization. From this account, the cloud management team can manage access, organizational units, and the organization's billing centrally, in isolation, and simply.
Log Archive Account: This account acts as an audit account, where all AWS CloudTrail, AWS Config, Amazon GuardDuty and Elastic Load Balancing (ELB) Logs can be forwarded for a better analysis. Centrally audit logs and ensure they are isolated on a separate account.
Security Account: This account will host all the security services (Amazon Macie, AWS IAM Access Analyzer, Amazon GuardDuty, AWS Config) in order for the cloud management team to aggregate and visualize the state of your cloud organization.
Networking Account: This account will act as a central hub for all your external/internal connectivity. By adopting AWS Transit Gateway, you will have control of how your services can talk to each other.
Shared Services: This account will help you with services that are commonly shared across your organization. Enabling Amazon Simple Storage Service (Amazon S3) Antivirus, EC2 Image Builder or Centralized Logging will help you reduce the cost of running the same services in multiple accounts.
Tagging is critical to ensure simple management of cloud resources. StackZone easily implements Service Control Policies and Tag Policies to ensure your environments remain compliant with the organization's internal tag policies.
Service Control Policies: They are organization policies used to manage permissions in your organization. They offer central control over the maximum available permissions for all accounts in your organization and ensure the accounts stay within the organization's access control guidelines. Deny running Amazon EC2 instances if they are not tagged as indicated (up to 10 tags) by activating StackZone's Service Control Policies in just a few clicks in the StackZone console.
Tag Policies: By implementing Tag Policies, StackZone can identify whether your resources are created without the defined tags. Combined with the StackZone Tagging SCP Guardrail, automation ensures no EC2 instances and their EBS volumes are deployed without the defined tag, standardizing tags across all the organization's accounts.
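As an added illustration (written for this page, not StackZone's own guardrail), this is what a Service Control Policy that denies launching untagged EC2 instances and their EBS volumes can look like. The tag key CostCenter is a hypothetical placeholder for one of the organization's required tags.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutRequiredTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*"
      ],
      "Condition": {
        "Null": {
          "aws:RequestTag/CostCenter": "true"
        }
      }
    }
  ]
}
```

Because the condition is evaluated against the launch request, the tag has to be supplied at launch time for both the instance and its volumes. SCPs do not restrict the organization's management account, so the guardrail only binds member accounts.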
StackZone Baseline Services are AWS services configured and orchestrated by our automation. This ensures all your accounts are monitored, aligned with security best practices, and simply and centrally managed.
StackZone Baseline Services
Monitor your instances and AWS service configuration with our 40 Management and Governance related Config rules.
Instantly resolve non-compliant resources through automation with our 43 Management and Governance related remediation rules.
Rely on automation to simply manage critical configurations on your AWS resources: assign an AWS Backup plan, convert EBS volumes from GP2 to GP3, add a Spot Instances strategy to Auto Scaling groups, and much more by just tagging instances.
Get alerts on security and change events through StackZone's 30 Management and Governance related CloudWatch and billing & usage alerts.
Deploy secure and compliant infrastructure using our Service Catalog portfolios as well as auto-tagging and/or auto-patching features.
All this and much more will be deployed in a few clicks on your StackZone console through automation, in just minutes rather than days of development and implementation.