Setting Up Your AWS Landing Zone

Overview

The AWS Landing Zone provides a secure, well-architected starting point for your enterprise GenAI applications. This guide walks you through the initial setup process.

Account Structure

Root Account
├── Security
│   ├── GuardDuty
│   ├── SecurityHub
│   └── IAM
├── Logging
│   ├── CloudWatch
│   └── CloudTrail
├── Shared Services
│   ├── VPC
│   └── DirectConnect
└── Workloads
    ├── Development
    ├── Staging
    └── Production

Initial Setup Steps

Create AWS Organization

aws organizations create-organization

Enable AWS Control Tower

Navigate to AWS Control Tower Console
Select "Set up landing zone"
Choose your home Region
Configure your logging account

Configure Security Services

# Enable GuardDuty
aws guardduty create-detector --enable

# Enable SecurityHub
aws securityhub enable-security-hub

Next Steps

Review our implementation guides
Set up your security controls
Deploy your first workload

[Detailed setup instructions and code examples available in our repositories]

Overview​

Account Structure​

Initial Setup Steps​

Next Steps​

Overview

Account Structure

Initial Setup Steps

Next Steps