Update nexus: fix conflicts and sync local changes
@@ -1,39 +1,39 @@
|
||||
---
|
||||
title: "Reference Architecture"
|
||||
type: concept
|
||||
sources: [ctp-topic-1-gruntwork-landing-zone-architecture, ctp-topic-35-aws-landing-zone-design-refresher-saas-labs]
|
||||
last_updated: 2026-04-14
|
||||
---
|
||||
|
||||
## Definition
|
||||
参考架构(Reference Architecture)是一套经过实战验证的最佳实践集合,作为企业云平台部署的起点和蓝图。它定义了标准化的账户结构、网络拓扑、安全边界和服务组合,帮助组织快速建立符合安全和合规要求的云基础设施。
|
||||
|
||||
## Key Components
|
||||
|
||||
### Account Structure
|
||||
- **Core Accounts(核心账户)**:
|
||||
- `Shared`:共享服务账户,提供 CI/CD 工具、NTP、DNS 等公共服务
|
||||
- `Logs`:日志账户,集中收集和存储所有账户的审计日志
|
||||
- `Security`:安全账户,托管 IAM 角色和联邦身份配置
|
||||
- **Workload Accounts(工作负载账户)**:
|
||||
- `Prod`:生产环境账户
|
||||
- `Stage`:预发布环境账户
|
||||
- `Dev`:开发环境账户
|
||||
|
||||
### Network Topology
|
||||
- Centralized network design with VPCs per account
|
||||
- Transit Gateway for cross-account connectivity
|
||||
- Shared services accessible via VPC peering or Transit Gateway
|
||||
|
||||
## Relationship with Landing Zone
|
||||
- **Reference Architecture**:标准化的起点和蓝图,定义通用模式
|
||||
- **Landing Zone**:基于 Reference Architecture 的具体部署单元,由各产品团队在 Gruntwork 仓库基础上定制
|
||||
|
||||
## Related Concepts
|
||||
- [[Landing-Zone-Architecture]]:Reference Architecture 的具体部署实例
|
||||
- [[Federated-Access]]:安全账户的身份管理机制
|
||||
- [[Terraform-Modules]]:实现 Reference Architecture 的 IaC 模块库
|
||||
|
||||
## References
|
||||
- [[ctp-topic-1-gruntwork-landing-zone-architecture]]
|
||||
- [[ctp-topic-35-aws-landing-zone-design-refresher-saas-labs]]
|
||||
---
|
||||
title: "Reference Architecture"
|
||||
type: concept
|
||||
sources: [ctp-topic-1-gruntwork-landing-zone-architecture, ctp-topic-35-aws-landing-zone-design-refresher-saas-labs]
|
||||
last_updated: 2026-04-14
|
||||
---
|
||||
|
||||
## Definition
|
||||
参考架构(Reference Architecture)是一套经过实战验证的最佳实践集合,作为企业云平台部署的起点和蓝图。它定义了标准化的账户结构、网络拓扑、安全边界和服务组合,帮助组织快速建立符合安全和合规要求的云基础设施。
|
||||
|
||||
## Key Components
|
||||
|
||||
### Account Structure
|
||||
- **Core Accounts(核心账户)**:
|
||||
- `Shared`:共享服务账户,提供 CI/CD 工具、NTP、DNS 等公共服务
|
||||
- `Logs`:日志账户,集中收集和存储所有账户的审计日志
|
||||
- `Security`:安全账户,托管 IAM 角色和联邦身份配置
|
||||
- **Workload Accounts(工作负载账户)**:
|
||||
- `Prod`:生产环境账户
|
||||
- `Stage`:预发布环境账户
|
||||
- `Dev`:开发环境账户
|
||||
|
||||
### Network Topology
|
||||
- Centralized network design with VPCs per account
|
||||
- Transit Gateway for cross-account connectivity
|
||||
- Shared services accessible via VPC peering or Transit Gateway
|
||||
|
||||
## Relationship with Landing Zone
|
||||
- **Reference Architecture**:标准化的起点和蓝图,定义通用模式
|
||||
- **Landing Zone**:基于 Reference Architecture 的具体部署单元,由各产品团队在 Gruntwork 仓库基础上定制
|
||||
|
||||
## Related Concepts
|
||||
- [[Landing-Zone-Architecture]]:Reference Architecture 的具体部署实例
|
||||
- [[Federated-Access]]:安全账户的身份管理机制
|
||||
- [[Terraform-Modules]]:实现 Reference Architecture 的 IaC 模块库
|
||||
|
||||
## References
|
||||
- [[ctp-topic-1-gruntwork-landing-zone-architecture]]
|
||||
- [[ctp-topic-35-aws-landing-zone-design-refresher-saas-labs]]
|
||||
|
||||
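Review bot: The old and new sides of this `-1,39 +1,39` hunk read identically as rendered here, from the front matter through the `## References` list, which points to a line-ending or trailing-whitespace rewrite rather than a content change. Please confirm that is intended. If it is, normalizing line endings in the repository (for example with a `* text=auto` rule in `.gitattributes`) would keep a conflict fix from touching every line of the file and obscuring its blame history. If a content change was meant, note that `last_updated: 2026-04-14` is also the same on both sides.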