Description
This deployment creates the underlying infrastructure, according to AWS best practices, and configures it for identity management, access control, VPN, logging, alarms, and compliance auditing. It contains three partitioned virtual private clouds (VPCs) for production, development, and management processes.
-
1. Core VPCs: A highly available architecture with three VPCs, each with two Availability Zones. /16/18 & **/23/**24
- Development-VPC: to build and test Dev/Test workloads.
- Management-VPC: with AWS Client VPN endpoints in the public subnets.
- Production-VPC: deploy production workload + using AWS Service Catalog.
- Peering connections to allow Secure Shell (SSH) and remote desktop access from the management VPC to private subnets in the production and development VPCs.
- VPC Endpoints: Gateway Endpoint & Interface Endpoint
- S3
- DynamoDB
- ECR: ECR - VPC Endpoint --> ECS
-
2. Client VPN Capability:
- VPN
-
3. AWS Config Conformance Packs: AWS Config to assess, audit, and evaluate security compliance of your AWS resources and remediate deviations from the following conformance packs:
- Operational Best Practices For AWS Identity And Access Management
- Operational Best Practices For Amazon S3
- Operational-Best-Practices-for-Serverless
- Operational Best Practices for NIST CSF
- Operational Best Practices for HIPAA Security
- AWS Control Tower Detective Guardrails Conformance Pack
-
4. Shared Route53 DNS >> Private HostedZone: Amazon Route 53 for a private Domain Name System (DNS).
-
corp: DevelopmentVpc & ManagmentVPC & ProductionVpc
-
-
5. Region Restriction
- APPLY_REGION_RESTRICTION_APJ
- [-] APPLY_REGION_RESTRICTION_US
-
6. Service Catalog
References