
AWS Landing Zone Accelerator — When Multi-Account Governance Gets Real
TL;DR
If you’re managing more than a handful of AWS accounts with compliance requirements like HIPAA or FedRAMP, you’ll quickly outgrow IAM Identity Center and manual guardrails. AWS Landing Zone Accelerator (LZA) is an open-source CDK application that turns a set of YAML configuration files into a fully governed, multi-account, multi-region AWS environment — including networking, security controls, and OU-based policy enforcement. This post walks through a real-world design: a shared Transit Gateway architecture with Dev/Prod isolation, NACL-based traffic boundaries, and dual-region deployment for multiple workload types.
Infrastructure as Code: Navigating Declarative and Imperative Approaches
Originally posted on the Israeli Tech Radar on Medium.
I read somewhere in my late night browsing that 71% of infrastructure as code is done using Terraform. That’s a huge number, right? And although I may not be accurate, the truth isn’t that far from it. It’s almost become the default choice. And what if I told you that the default isn’t always the best for everyone?