AWS Landing Zone
Definition
AWS Landing Zone
An AWS Landing Zone is a pre-configured, multi-account AWS environment built on AWS Control Tower and AWS Organizations. It provides a governed foundation with security guardrails, centralised logging, and automated account provisioning.
In detail
Many AWS environments grow faster than their governance. One account becomes ten, ten become thirty, without consistent policies, without central visibility, without audit evidence. A landing zone prevents this drift by enforcing structure from the start.
A well-designed landing zone includes an OU hierarchy, Service Control Policies, centralised CloudTrail logging, Security Hub aggregation, and an Account Factory for self-service provisioning.
How Tallence helps
Tallence builds and operates AWS landing zones through the Cloud Governance Accelerator and Tallence Cloud Foundation managed service.
Learn more about Landing Zone operationsRelated terms
Cloud Governance
The policies, processes, and controls that ensure cloud resources are used securely, compliantly, and cost-effectively across an organisation.
Cloud Foundation
A managed AWS landing zone service covering governance, drift detection, FinOps, and 24/7 incident response as an ongoing operational engagement.
Compliance-as-Code
Embedding compliance requirements as automated rules directly into cloud infrastructure, so adherence is enforced continuously rather than checked periodically.
Explore more terms
All glossary terms→FinOps
An operating framework that connects technology, finance, and business teams to manage cloud spending with accountability and transparency.
Site Reliability Engineering (SRE)
An engineering discipline that applies software practices to IT operations, using SLOs and error budgets to balance reliability with delivery speed.
Hybrid Cloud
A composition of two or more cloud environments (private, community, or public) connected by technology that enables data and application portability.
Private Cloud
A dedicated IT environment used exclusively by one organisation, providing maximum control over data, network, and configuration.
DevOps
An engineering practice that aligns development and operations teams around shared goals, automated pipelines, and a culture of continuous delivery.
Microservices
An architecture pattern where applications are decomposed into independently deployable services, each owning its domain, data, and deployment lifecycle.