Case Study

Multi-account AWS Landing Zone

A regulated product company needed to onboard 20+ teams to AWS without sacrificing speed or governance. I delivered a multi-account baseline with opinionated guardrails, automated provisioning, and single sign-on.

Highlights

  • Provisioning lead time dropped by 40% via account vending and pre-approved blueprints.
  • Centralized identity with AWS SSO and SCIM-synced groups for least-privilege access.
  • Guardrails and detective controls implemented with Control Tower, Config, and Security Hub.

What I built

  • Landing zone foundation using Organizations, Control Tower, and dedicated security/logging accounts.
  • Terraform modules for network, DNS, and baseline services, validated with GitLab CI and OPA policies.
  • Account factory workflows for new workloads with baked-in observability and cost allocation.

Impact

  • Cut shadow infrastructure risk and standardized encryption/logging across all environments.
  • Security and platform teams gained shared dashboards for drift detection and audit reporting.
  • Developers self-served compliant accounts in under an hour instead of waiting days.