I'm currently exploring the Landing Zone Accelerator (LZA) and having a hard time figuring out what exactly it does and how it compares to customizing AWS accounts using AWS Control Tower (CT) or utilizing AWS Foundation with Terraform. It seems like LZA primarily deploys standard account configurations from Amazon's CDK, which are not easily adjustable. While there is some customization achievable through configuration files, it appears these configurations are hosted in AWS's repositories rather than my own. I'm looking for insights into how customizable LZA really is, especially since there's been some negative feedback regarding Control Tower in the past. Any thoughts on which is a better option to work with?
5 Answers
Overall, the benefit of LZA being opinionated is that it simplifies things for clients who aren't familiar with AWS. Everything is in a few configuration files, making handoffs smoother. However, I totally get the frustrations surrounding its complex management and the reliance on AWS support. If only there was a way to streamline those updates to reduce downtime!
If you're stuck using Control Tower, AFT is definitely the way to go. Using CloudFormation for anything beyond basic templates can really complicate things. AFT provides a pathway where you can achieve similar outcomes as CT without its many limitations. If possible, enabling CT initially, then custom-building solutions around it might offer you the best of both worlds. There's also alternatives like OrgFormation for more flexibility.
One thing about LZA to keep in mind is the configuration management. You do have the ability to write your own custom configs and manage resources flexibly. What I usually do is host the configs in S3 or GitHub, then integrate with whatever CI/CD pipeline is available. I rarely have to interact with CT directly. However, I've heard some concerns about reaching the resource limit in CloudFormation stacks, which can be tricky.
I think the dislike for Control Tower comes from its rigid framework. It's a pretty opinionated tool that doesn't allow much flexibility without throwing errors. If you're looking at the LZA, it abstracts a lot of the infrastructure details, which might be great for getting started quickly, but customization could be lacking. Can you explain what the benefits of LZA are versus customizing an account with Terraform or AFT? It’s worth digging into.
We actually went with AFT and have been pretty happy with it. The out-of-the-box capabilities are solid, like centralized logging. However, the customization options aren't great; you can deploy CloudFormation stacks, but that's about it. It’s true that you visually can’t meddle with much under the hood, which is a downside. But from a manpower perspective, it's pretty efficient and gets a lot done with minimal setup.
Related Questions
Biggest Problem With Suno AI Audio
Ethernet Signal Loss Calculator
Sports Team Randomizer
10 Uses For An Old Smartphone
Midjourney Launches An Exciting New Feature for Their Image AI
ShortlyAI Review