47 lines
2.7 KiB
Markdown
47 lines
2.7 KiB
Markdown
---
|
||
title: "CTP Topic 47 Enterprise Architecture Cloud Standards"
|
||
type: source
|
||
tags: [Enterprise-Architecture, Cloud-Standards, CTP, Landing-Zone, Terraform]
|
||
sources: []
|
||
last_updated: 2026-04-14
|
||
---
|
||
|
||
## Source File
|
||
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md]]
|
||
|
||
## Summary(用中文描述)
|
||
- 核心主题:企业架构云标准、Landing Zone、云防护栏(Guardrails)
|
||
- 问题域:如何在云环境中标准化企业架构,指导应用团队了解可用资源和需求
|
||
- 方法/机制:Landing Zone 框架(账户结构+网络+安全+访问管理+遥测)、Terraform/Terragrunt IaC、云防护栏文档(设计概念+最佳实践)
|
||
- 结论/价值:标准化云架构、预配置安全模型、降低应用团队安全审查负担、减少重复造轮子
|
||
|
||
## Key Claims(用中文描述)
|
||
- Landing Zone 框架通过聚焦安全、合规和可管理性,为云工作负载提供托管基础
|
||
- 账户结构与开发/预发布/生产环境对齐,角色通过零信任和最小权限原则定义访问控制
|
||
- Terraform 允许以代码形式指定期望环境,促进标准化和可测试性
|
||
- 云防护栏文档捕获强制性要求和最佳实践,指导可扩展性、成本最小化和灵活性
|
||
- 功能分区将单体应用拆分为更小的独立模块或无服务器函数
|
||
|
||
## Key Quotes
|
||
> "A landing zone is a framework for hosting cloud workloads, focusing on security, compliance, and manageability." — Lindsay,企业架构师
|
||
> "We want your knowledge collected here for reuse and help other app developers down the road." — Lindsay,号召应用团队贡献防护栏内容
|
||
|
||
## Key Concepts
|
||
- [[Landing Zone]]:托管云工作负载的框架,聚焦安全、合规和可管理性,包含账户结构、网络、安全、访问管理和遥测
|
||
- [[Zero Trust Architecture]]:零信任安全架构,通过最小权限原则定义访问控制
|
||
- [[Infrastructure as Code]]:基础设施即代码,使用 Terraform 实现环境标准化和可测试性
|
||
- [[Cloud Guardrails]]:云防护栏文档,捕获强制性要求和最佳实践
|
||
- [[Functional Partitioning]]:功能分区,将单体应用拆分为更小的独立块或无服务器函数
|
||
- [[Terragrunt]]:Terraform 的包装器,用于生成不同环境
|
||
|
||
## Key Entities
|
||
- [[Lindsay]]:企业架构师,具有开发背景,以学习者视角分享云架构知识
|
||
|
||
## Connections
|
||
- [[ctp-topic-1-gruntwork-landing-zone-architecture]] ← related_to ← [[Landing Zone]](Topic 1 是 Gruntwork Landing Zone 基础)
|
||
- [[Terraform]] ← uses ← [[Infrastructure as Code]]
|
||
- [[Cloud Guardrails]] ← guides ← [[Enterprise Architecture Cloud Standards]]
|
||
|
||
## Contradictions
|
||
- 无已知冲突内容
|