The Repeating Foundations Problem

Networking, identity, logging, and security controls: teams rebuild these for every project before they even start delivering value. Instead of redesigning the basics each time, teams can start from a known-good pattern. This is why landing zone accelerators matter.

What the Accelerators Include

Infrastructure as Code for AWS, Azure, GCP, and OCI
Security-first design patterns for each cloud provider
Architecture diagrams showing trust boundaries and inspection points
STRIDE-based threat hunting mappings for each environment
Networking, identity, logging, and security control templates
Repeatable, production-ready secure foundations

The Goal

Help teams stand up secure, production-ready cloud foundations faster and with better visibility from day one. Security guardrails, logging, identity governance, and network segmentation are all present before any application workload is deployed. Instead of security being retrofitted after deployment, it is embedded from the first line of infrastructure code.

Figure: Cloud landing zone accelerators overview
Cloud Landing Zone Accelerators: AWS, Azure, and GCP
Hub-spoke · Guardrails · Identity · Security · Connectivity · IaC · Compliance baseline

AWS LANDING ZONE
Control Tower · Account vending · Guardrails
Organizations + SCPs · Deny public S3
Transit Gateway · Hub-spoke routing
IAM Identity Center · SSO · SCIM
GuardDuty · Security Hub · CloudTrail
Terraform · CDK · LZA accelerator
CIS AWS · NIST · PCI · ISO 27001

AZURE LANDING ZONE
Management Groups · Policy inheritance
Azure Policy · Blueprints · Deny public
Virtual WAN / vHub · ExpressRoute
Entra ID + PIM · JIT access · RBAC
Defender for Cloud · Sentinel · Logs
Bicep · Terraform · CAF · ALZ
CIS Azure · NIST · ISO 27001 · DORA

GCP LANDING ZONE
Resource Hierarchy · Org · Folders
Org Policies · VPC SC · No public IPs
Shared VPC · Cloud NAT · Interconnect
Cloud Identity · IAM · Workload Identity
Security Command Centre · Chronicle
Foundation Toolkit · Terraform
CIS GCP · NIST · ISO 27001 · FedRAMP

All three: Governance · Identity · Network · Security · IaC · Compliance
Cloud Landing Zones Repository
Infrastructure as Code, architecture diagrams, and STRIDE threat hunting mappings for AWS, Azure, GCP, and OCI.
github.com/saleem-yousaf/cloud-landing-zones