AWS Platform Guide

Landing Zone Prerequisites

  1. Create 1Password for credentials (To be completed by the Client)

  2. If not already available, create an external Identity provider for SSO and store credentials in 1Password. Sample AWS supported options include Azure AD, CyberArk, JumpCloud, Okta, Onelogin, Ping Identity. Once a preferred SSO provider is chosen, the SSO management account should be created by the client. Note, the AWS default SSO option could also be chosen for a start pending when the client is willing to subscribe to an external identity provider.

  3. Create AWS root account and store root credentials in 1Password. If possible, account should be created using a group email address, e.g aws-management@example.com.

    The Google Group must be set up to allow anyone on the web to post to the group.

    GeneralWho Can PostAnyone on the web

    Otherwise, the verification email from AWS will not go through. If your group settings do allow anyone to post, but you still do not see the AWS email, check under Conversations > Pending in Google Groups.

  4. Create the following group emails to be used for other dependency accounts in AWS (To be completed by the Client), to use the below email address naming convention, the ACCOUNT_EMAIL_PREFIX in your landing-zone configuration file should be aws-;

    1. aws-management@example.com
    2. aws-identity@example.com
    3. aws-audit@example.com
    4. aws-backup@example.com
    5. aws-report@example.com
    6. aws-log-archive@example.com
    7. aws-network@example.com
    8. aws-operations@example.com
    9. aws-sandbox@example.com
    10. aws-production@example.com
    11. sso-management@example.com
  5. Create a Github organisation (To be completed by the Client).

  6. Create necessary repositories on GitHub.

  7. Login to AWS and enable MFA on the root account for AWS, then you can link the MFA to 1Password.

AWS Platform Guide

The guide for building and maintaining production-grade Kubernetes clusters with built-in support for SRE best practices.

Work with us to scale your application, improve stability, and increase the rate of defect-free deployments.