Let’s Architect! Architecting for governance and management

{"value":"As you develop next-generation cloud-native applications and modernize existing workloads by migrating to cloud, you need cloud teams that can govern centrally with policies for security, compliance, operations and spend management.\n\nIn this edition of Let’s Architect!, we gather content to help software architects and tech leaders explore new ideas, case studies, and technical approaches to help you support production implementations for large-scale migrations.\n\n\n#### **[Seamless Transition from an AWS Landing Zone to AWS Control Tower](https://aws.amazon.com/blogs/apn/seamless-transition-from-an-aws-landing-zone-to-aws-control-tower/)**\n\n\nA multi-account AWS environment helps businesses migrate, modernize, and innovate faster. With the large number of design choices, setting up a multi-account strategy can take a significant amount of time, because it involves configuring multiple accounts and services and requires a deep understanding of AWS.\n\nThis blog post shows you how [AWS Control Tower](https://aws.amazon.com/controltower/) helps customers achieve their desired business outcomes by setting up a scalable, secure, and governed multi-account environment. This post describes a strategic migration of 140 AWS accounts from customer Landing Zone to an AWS Control Tower-based solution.\n\n\n\nMulti-account landing zone architecture that uses AWS Control Tower\n\n\n#### **[Build a strong identity foundation that uses your existing on-premises Active Directory](https://aws.amazon.com/blogs/security/build-a-strong-identity-foundation-that-uses-your-existing-on-premises-active-directory/)**\n\n\nHow do you use your existing Microsoft Active Directory (AD) to reliably authenticate access for AWS accounts, infrastructure running on AWS, and third-party applications?\n\nThe architecture shown in this blog post is designed to be highly available and extends access to your existing AD to AWS, which enables your users to use their existing credentials to access authorized AWS resources and applications. This post highlights the importance of implementing a cloud authentication and authorization architecture that addresses the variety of requirements for an organization’s AWS Cloud environment.\n\n\n\nMulti-account Complete AD architecture with trusts and AWS SSO using AD as the identity source\n\n\n#### **[Migrate Resources Between AWS Accounts](https://aws.amazon.com/blogs/architecture/migrate-resources-between-aws-accounts/)**\n\n\nAWS customers often start their cloud journey with one AWS account, and over time they deploy many resources within that account. Eventually though, they’ll need to use more accounts and migrate resources across AWS Regions and accounts to reduce latency or increase resiliency.\n\nThis blog post shows four approaches to migrate resources based on type, configuration, and workload needs across AWS accounts.\n\n\n\nMigration infrastructure approach\n\n\n#### **[Transform your organization’s culture with a Cloud Center of Excellence](https://www.youtube.com/watch?v=VN1vj0d3Z1Y)**\n\n\nAs enterprises seek digital transformation, their efforts to use cloud technology within their organizations can be a bit disjointed. This video introduces you to the Cloud Center of Excellence (CCoE) and shows you how it can help transform your business via cloud adoption, migration, and operations. By using the CCoE, you’ll establish and us a cross-functional team of people for developing and managing your cloud strategy, governance, and best practices that your organization can use to transform the business using the cloud.\n\n\n\nBenefits of CCoE\n\n\n#### **See you next time!**\n\n\nThanks for reading! If you want to dive into this topic even more, don’t miss the [Management and Governance on AWS product page](https://aws.amazon.com/products/management-and-governance/).\n\nSee you in a couple of weeks with novel ways to architect for front-end web and mobile!\n\n\n#### **Other posts in this series**\n\n\n- [Let’s Architect! Using open-source technologies on AWS](https://aws.amazon.com/blogs/architecture/lets-architect-using-open-source-technologies-on-aws/)\n- [Let’s Architect! Architecting for Sustainability](https://aws.amazon.com/blogs/architecture/lets-architect-1-architecture-and-sustainability/)\n- [Let’s Architect! Architecting for Machine Learning](https://aws.amazon.com/blogs/architecture/architecting-for-machine-learning/)\n- [Let’s Architect! Architecting for Security](https://aws.amazon.com/blogs/architecture/lets-architect-architecting-for-security/)\n- [Let’s Architect! Tools for Cloud Architects](https://aws.amazon.com/blogs/architecture/lets-architect-tools-for-cloud-architects/)\n- [Let’s Architect! Architecting for Blockchain](https://aws.amazon.com/blogs/architecture/lets-architect-architecting-for-blockchain/)\n- [Let’s Architect! Architecting microservices with containers](https://aws.amazon.com/blogs/architecture/lets-architect-architecting-microservices-with-containers/)\n- [Let’s Architect! Serverless architecture on AWS](https://aws.amazon.com/blogs/architecture/lets-architect-serverless-architecture-on-aws/)\n- [Let’s Architect! Creating resilient architecture](https://aws.amazon.com/blogs/architecture/lets-architect-creating-resilient-architecture/)\n\n\n#### **Looking for more architecture content?**\n\n\n[AWS Architecture Center](https://aws.amazon.com/architecture/) provides reference architecture diagrams, vetted architecture solutions, [Well-Architected](https://aws.amazon.com/architecture/well-architected/) best practices, patterns, icons, and more!\n\n\n\n\n#### **Luca Mezzalira**\n\n\nLuca is Principal Solutions Architect based in London. He has authored several books and is an international speaker. He lent his expertise predominantly in the solution architecture field. Luca has gained accolades for revolutionizing the scalability of front-end architectures with micro-frontends, from increasing the efficiency of workflows, to delivering quality in products.\n\n\n\n\n#### **Laura Hyatt**\n\n\nLaura Hyatt is a Solutions Architect for AWS Public Sector and helps Education customers in the UK. Laura helps customers not only architect and develop scalable solutions but also think big on innovative solutions facing the education sector at present. Laura's specialty is IoT, and she is also the Alexa SME for Education across EMEA.\n\n\n\n\n#### **Vittorio Denti**\n\n\nVittorio Denti is a Solutions Architect at AWS based in London. After completing his M.Sc. in Computer Science and Engineering at Politecnico di Milano (Milan) and the KTH Royal Institute of Technology (Stockholm), he joined AWS. Vittorio has a background in Distributed Systems and Machine Learning, and a strong interest in cloud technologies. He’s especially passionate for software engineering, building ML solutions, and putting ML into production.\n\n\n\n\n#### **Zamira Jaupaj**\n\n\nZamira is an Enterprise Solutions Architect based in the Netherlands. She is highly passionate IT professional with over 10 years of multi-national experience in designing and implementing critical and complex solutions with containers, serverless, and data analytics for small and enterprise companies.","render":"<p>As you develop next-generation cloud-native applications and modernize existing workloads by migrating to cloud, you need cloud teams that can govern centrally with policies for security, compliance, operations and spend management.</p>\n<p>In this edition of Let’s Architect!, we gather content to help software architects and tech leaders explore new ideas, case studies, and technical approaches to help you support production implementations for large-scale migrations.</p>\n<h4><a id=\"Seamless_Transition_from_an_AWS_Landing_Zone_to_AWS_Control_Towerhttpsawsamazoncomblogsapnseamlesstransitionfromanawslandingzonetoawscontroltower_5\"></a><strong><a href=\"https://aws.amazon.com/blogs/apn/seamless-transition-from-an-aws-landing-zone-to-aws-control-tower/\" target=\"_blank\">Seamless Transition from an AWS Landing Zone to AWS Control Tower</a></strong></h4>\n<p>A multi-account AWS environment helps businesses migrate, modernize, and innovate faster. With the large number of design choices, setting up a multi-account strategy can take a significant amount of time, because it involves configuring multiple accounts and services and requires a deep understanding of AWS.</p>\n<p>This blog post shows you how <a href=\"https://aws.amazon.com/controltower/\" target=\"_blank\">AWS Control Tower</a> helps customers achieve their desired business outcomes by setting up a scalable, secure, and governed multi-account environment. This post describes a strategic migration of 140 AWS accounts from customer Landing Zone to an AWS Control Tower-based solution.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/c3b2b6d8516f4b71bd43379f3fa5d150_image.png\" alt=\"image.png\" /></p>\n<p>Multi-account landing zone architecture that uses AWS Control Tower</p>\n<h4><a id=\"Build_a_strong_identity_foundation_that_uses_your_existing_onpremises_Active_Directoryhttpsawsamazoncomblogssecuritybuildastrongidentityfoundationthatusesyourexistingonpremisesactivedirectory_17\"></a><strong><a href=\"https://aws.amazon.com/blogs/security/build-a-strong-identity-foundation-that-uses-your-existing-on-premises-active-directory/\" target=\"_blank\">Build a strong identity foundation that uses your existing on-premises Active Directory</a></strong></h4>\n<p>How do you use your existing Microsoft Active Directory (AD) to reliably authenticate access for AWS accounts, infrastructure running on AWS, and third-party applications?</p>\n<p>The architecture shown in this blog post is designed to be highly available and extends access to your existing AD to AWS, which enables your users to use their existing credentials to access authorized AWS resources and applications. This post highlights the importance of implementing a cloud authentication and authorization architecture that addresses the variety of requirements for an organization’s AWS Cloud environment.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/9c901a9847644ca1b7108f88d70734a9_image.png\" alt=\"image.png\" /></p>\n<p>Multi-account Complete AD architecture with trusts and AWS SSO using AD as the identity source</p>\n<h4><a id=\"Migrate_Resources_Between_AWS_Accountshttpsawsamazoncomblogsarchitecturemigrateresourcesbetweenawsaccounts_29\"></a><strong><a href=\"https://aws.amazon.com/blogs/architecture/migrate-resources-between-aws-accounts/\" target=\"_blank\">Migrate Resources Between AWS Accounts</a></strong></h4>\n<p>AWS customers often start their cloud journey with one AWS account, and over time they deploy many resources within that account. Eventually though, they’ll need to use more accounts and migrate resources across AWS Regions and accounts to reduce latency or increase resiliency.</p>\n<p>This blog post shows four approaches to migrate resources based on type, configuration, and workload needs across AWS accounts.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/105d579d9ae740c6b13dd21032973345_image.png\" alt=\"image.png\" /></p>\n<p>Migration infrastructure approach</p>\n<h4><a id=\"Transform_your_organizations_culture_with_a_Cloud_Center_of_ExcellencehttpswwwyoutubecomwatchvVN1vj0d3Z1Y_41\"></a><strong><a href=\"https://www.youtube.com/watch?v=VN1vj0d3Z1Y\" target=\"_blank\">Transform your organization’s culture with a Cloud Center of Excellence</a></strong></h4>\n<p>As enterprises seek digital transformation, their efforts to use cloud technology within their organizations can be a bit disjointed. This video introduces you to the Cloud Center of Excellence (CCoE) and shows you how it can help transform your business via cloud adoption, migration, and operations. By using the CCoE, you’ll establish and us a cross-functional team of people for developing and managing your cloud strategy, governance, and best practices that your organization can use to transform the business using the cloud.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/ec8a5b430190460598b2d3ed79e54ab6_image.png\" alt=\"image.png\" /></p>\n<p>Benefits of CCoE</p>\n<h4><a id=\"See_you_next_time_51\"></a><strong>See you next time!</strong></h4>\n<p>Thanks for reading! If you want to dive into this topic even more, don’t miss the <a href=\"https://aws.amazon.com/products/management-and-governance/\" target=\"_blank\">Management and Governance on AWS product page</a>.</p>\n<p>See you in a couple of weeks with novel ways to architect for front-end web and mobile!</p>\n<h4><a id=\"Other_posts_in_this_series_59\"></a><strong>Other posts in this series</strong></h4>\n<ul>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-using-open-source-technologies-on-aws/\" target=\"_blank\">Let’s Architect! Using open-source technologies on AWS</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-1-architecture-and-sustainability/\" target=\"_blank\">Let’s Architect! Architecting for Sustainability</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/architecting-for-machine-learning/\" target=\"_blank\">Let’s Architect! Architecting for Machine Learning</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-architecting-for-security/\" target=\"_blank\">Let’s Architect! Architecting for Security</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-tools-for-cloud-architects/\" target=\"_blank\">Let’s Architect! Tools for Cloud Architects</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-architecting-for-blockchain/\" target=\"_blank\">Let’s Architect! Architecting for Blockchain</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-architecting-microservices-with-containers/\" target=\"_blank\">Let’s Architect! Architecting microservices with containers</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-serverless-architecture-on-aws/\" target=\"_blank\">Let’s Architect! Serverless architecture on AWS</a></li>\n<li><a href=\"https://aws.amazon.com/blogs/architecture/lets-architect-creating-resilient-architecture/\" target=\"_blank\">Let’s Architect! Creating resilient architecture</a></li>\n</ul>\n<h4><a id=\"Looking_for_more_architecture_content_73\"></a><strong>Looking for more architecture content?</strong></h4>\n<p><a href=\"https://aws.amazon.com/architecture/\" target=\"_blank\">AWS Architecture Center</a> provides reference architecture diagrams, vetted architecture solutions, <a href=\"https://aws.amazon.com/architecture/well-architected/\" target=\"_blank\">Well-Architected</a> best practices, patterns, icons, and more!</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/4b32f54da2854be6bbbbb519404d55f2_image.png\" alt=\"image.png\" /></p>\n<h4><a id=\"Luca_Mezzalira_81\"></a><strong>Luca Mezzalira</strong></h4>\n<p>Luca is Principal Solutions Architect based in London. He has authored several books and is an international speaker. He lent his expertise predominantly in the solution architecture field. Luca has gained accolades for revolutionizing the scalability of front-end architectures with micro-frontends, from increasing the efficiency of workflows, to delivering quality in products.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/355f24b4f3704dcbbadc8a66d9d8b902_image.png\" alt=\"image.png\" /></p>\n<h4><a id=\"Laura_Hyatt_89\"></a><strong>Laura Hyatt</strong></h4>\n<p>Laura Hyatt is a Solutions Architect for AWS Public Sector and helps Education customers in the UK. Laura helps customers not only architect and develop scalable solutions but also think big on innovative solutions facing the education sector at present. Laura’s specialty is IoT, and she is also the Alexa SME for Education across EMEA.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/7e40e6b5c48d41a49aad3a34981a0e77_image.png\" alt=\"image.png\" /></p>\n<h4><a id=\"Vittorio_Denti_97\"></a><strong>Vittorio Denti</strong></h4>\n<p>Vittorio Denti is a Solutions Architect at AWS based in London. After completing his M.Sc. in Computer Science and Engineering at Politecnico di Milano (Milan) and the KTH Royal Institute of Technology (Stockholm), he joined AWS. Vittorio has a background in Distributed Systems and Machine Learning, and a strong interest in cloud technologies. He’s especially passionate for software engineering, building ML solutions, and putting ML into production.</p>\n<p><img src=\"https://dev-media.amazoncloud.cn/f36833288ab5468f81e9f408350844e8_image.png\" alt=\"image.png\" /></p>\n<h4><a id=\"Zamira_Jaupaj_105\"></a><strong>Zamira Jaupaj</strong></h4>\n<p>Zamira is an Enterprise Solutions Architect based in the Netherlands. She is highly passionate IT professional with over 10 years of multi-national experience in designing and implementing critical and complex solutions with containers, serverless, and data analytics for small and enterprise companies.</p>\n"}