Simple Cloud Management
Managing multi-environment, continually evolving, compliant, and secure cloud infrastructures is a huge challenge for every infrastructure team. If you add the complexity of multidisciplinary teams managing different environments and deploying services and resources independently, it can become an uncontrollable situation really fast. Losing control is translated into security gaps, cost increases, inefficiency, and lack of adaptability.
Not to mention how difficult it is to replace and retrain a team member leaving for a new opportunity. Implementing an automatic and user-friendly cloud management platform minimizes the impact of all these factors and doing it within cloud best practices ensures the results.
This is exactly what StackZone does, simplifies your cloud management and Governance experience through automation and implementing cloud best practices.
You can improve your cloud team productivity by 66% implementing changes through an easy to use and user friendly UI, and relying on automation.
Improve the organization's cloud management
As part of StackZone implementation and as set by cloud Best practices, StackZone deploys a multi-account landing zone improving the organization´s cloud management and governance capabilities.
The Core accounts deployed by StackZone are:
Primary: It administers the organization, access through Single Sign On and the Organizational Units of the Organization. The cloud management team will be capable of centrally, isolated and simply manage accesses, organizational units, and the organization billing from this account.
Log Archive: This account acts as an audit account, where all AWS CloudTrail, AWS Config, Amazon GuardDuty and Elastic Load Balancing (ELB) Logs can be forwarded for a better analysis. Centrally audit logs and ensure they are isolated on a separate account.
Security: This account will host all the security services (Amazon Macie, AWS IAM Access Analyzer, Amazon GuardDuty, AWS Config) in order for the cloud management team to aggregate and visualize the state of your cloud organization.
Networking: This account will act as a central hub for all your external/internal connectivity. By adopting AWS Transit Gateway, you will have control of how your services can talk to each other.
Shared Services: This account will help you with services that are commonly shared across your organization. Enabling Amazon Simple Storage Service (Amazon S3) Antivirus, EC2 Image Builder or Centralized Logging will help you reduce the cost of running the same services in multiple accounts.
Make sure your environments remain compliant
Tagging is critical to ensure a simple management of cloud resources, StackZone easily implements Service Control Policies and Tag Policies to ensure your environments remain compliant with the organization’s Tag internal policies.
StackZone GuardRails on the Simple Cloud Management:
Service Control Policies: They are organization policies used to manage permissions in your organization.
They offer central control over the maximum available permissions for all accounts in your organization and ensure the accounts stay within the organization’s access control guidelines. Deny Amazon EC2 running Instances if not tagged as indicated (up to 10 tags) by just activating StackZone’s Service Control Policies in just a few clicks in the StackZone console.
Tag Policies: By implementing Tag Policies, StackZone can identify if your resources are not created without the defined Tags.
Combined with StackZone Tagging SCP Guardrail, automation ensures no EC2 Instances and its EBS volumes are deployed without the defined Tag, standardizing tags across all the organizations’ Accounts.
140+ Management and Governance related config rules
Monitor your instances and AWS service configuration with our 140 Management and Governance related config rules.
Instantly solve non compliant resources through automation with our 43 Management and Governance related remediation rules.
Rely on automation to simply manage critical configurations on your AWS resources; assign an AWS Backup Plan, convert EBS volumes from GP2 to GP3, add spot instances strategy to Auto Scaling groups and much more by just tagging instances.
Get alerts on security and changes events through StackZone’s 30 management and Governance related Amazon CloudWatch and billing & usage alerts.
Deploy secure and compliant infrastructure using our Service catalog portfolios as well as auto-tagging and/or auto-patching features.
All this can be done by just a couple of clicks on your StackZone console in minutes, not days of implementation