AWS - Baseline

Fernando Honig

Last Update a year ago

StackZone Baseline Setup includes the necessary components for you to choose after it's been built.

Components Created:

  • Shared Services Account:
    • Amazon VPC including Private and Public Subnets distributed in 2 availability zones in the primary region
  • Log-Archive Account:
    • Shared Amazon S3 Bucket with a lifecycle policy to store logs up to 7 years
  • Primary Account: Security Services Delegation to the Security Account
    • AWS Security Hub (if enabled)
    • Amazon S3 Storage Lens
    • AWS License Manager
    • AWS Systems Manager
    • Amazon Macie
    • AWS IAM Access Analyzer
  • Service Control Policies
    • Core OU Mandatory Preventive GuardRails
    • Workloads OU Mandatory Preventive GuardRails
    • StackZone Deny Preventive GuardRails
  • Baseline Services (Applied to every account managed by StackZone)
    • Lambda Helper (required Lambda functions for StackZone to operate)
    • SNS Helper (required to forward Security SNS Notifications from all accounts to the Security Account)
    • Key Management Service: Creates AWS KMS Keys for Amazon EBS Volumes, CloudWatch Logs and SNS Topics to be encrypted to maintain compliance.
    • AWS Config: 
      • Creates an AWS IAM Role to run AWS Config Rules and Remediations.


Average Time to deploy: 75 minutes (including the creation of all AWS accounts) 


Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us