---
title: "CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)"
type: source
tags: [AWS, Landing-Zone, SaaS, Labs, CTP]
date: 2026-04-14
---

## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md]]

## Summary
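- Core topic: AWS Landing Zone design update, distinguishing the SaaS (production) and Labs (development) environments
- Problem domain: enterprise multi-account AWS architecture design, infrastructure as code
- Method/mechanism: infrastructure as code (IaC) deployment based on Gruntwork Terraform templates
- Conclusion/value: establishes that SaaS is for production and Labs is for development, and unifies the cloud delivery standard
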
## Key Claims
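- The core goal of the Landing Zone is to support diverse AWS use cases while ensuring reuse, control, auditing, and management
- AWS SaaS landing zones provide customer-dedicated environments; product accounts connect to shared services accounts for security, logging, and network management
- The Gruntwork accounts manage AMIs, logging, and cross-account security
- Recent updates include network segmentation that blocks direct connections to SaaS workloads, and decommissioning the Gruntwork CloudTrail in favor of the CCOE CloudTrail
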
## Key Quotes
> "Our AWS landing zones, they're built infrastructure as code as you'd expect on terraform templates using the Gruntwork framework." — how infrastructure as code is implemented
> "Basically, the only answer is that SaaS is production, Labs is development." — the core difference between SaaS and Labs

## Key Concepts
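- [[Gruntwork Landing Zone]]: a preconfigured AWS infrastructure framework provided by Gruntwork
- [[Multi-Account Strategy]]: AWS multi-account architecture strategy that separates workloads to improve security and governance
- [[Cloud Guardrails]]: cloud guardrails that capture the mandatory requirements for scalability, cost minimization, and flexibility
- [[Infrastructure as Code]]: managing infrastructure through code for consistency and version control
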
## Key Entities
- [[Gruntwork]]: provider of the Landing Zone framework
- [[AWS]]: the world's largest public cloud platform
- [[Cloud Technology Design Forum]]: the body that standardizes and centralizes Micro Focus cloud delivery offerings

## Connections
- [[Gruntwork Landing Zone]] ← depends_on ← [[AWS Organizations]]
- [[Gruntwork Landing Zone]] ← uses ← [[Terraform]]
- [[Multi-Account Strategy]] ← implements ← [[Cloud Guardrails]]

## Contradictions
- (None recorded)