Cloud platform architecture and services
```text
┌──────────────────────────────────────────────────────────────┐
│                       Shared Services                        │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐  ┌───────────┐  │
│  │    DNS    │  │    CDN    │  │   Email   │  │   Auth    │  │
│  └───────────┘  └───────────┘  └───────────┘  └───────────┘  │
└───────────────────────────────┬──────────────────────────────┘
                                │
┌───────────────────────────────▼──────────────────────────────┐
│                       Network Platform                       │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐  ┌───────────┐  │
│  │    VPC    │  │    VPN    │  │ Firewall  │  │    DNS    │  │
│  └───────────┘  └───────────┘  └───────────┘  └───────────┘  │
└───────────────────────────────┬──────────────────────────────┘
                                │
┌───────────────────────────────▼──────────────────────────────┐
│                       Compute Platform                       │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐  ┌───────────┐  │
│  │    VMs    │  │Containers │  │ Functions │  │    K8s    │  │
│  └───────────┘  └───────────┘  └───────────┘  └───────────┘  │
└───────────────────────────────┬──────────────────────────────┘
                                │
┌───────────────────────────────▼──────────────────────────────┐
│                        Data Platform                         │
│  ┌───────────┐  ┌───────────┐  ┌───────────┐  ┌───────────┐  │
│  │  Object   │  │    DB     │  │   Cache   │  │   Data    │  │
│  │  Storage  │  │           │  │           │  │   Lake    │  │
│  └───────────┘  └───────────┘  └───────────┘  └───────────┘  │
└──────────────────────────────────────────────────────────────┘
```
| Requirement | AWS | Azure | GCP |
|---|---|---|---|
| Compute | EC2, Lambda | VM, Functions | Compute Engine, Cloud Functions |
| Containers | ECS, EKS | Container Instances, AKS | Cloud Run, GKE |
| Serverless | Lambda | Functions | Cloud Functions, Cloud Run |
| Database | RDS, DynamoDB | SQL, Cosmos DB | Cloud SQL, Firestore |
| Analytics | Athena, Redshift | Synapse, Data Lake | BigQuery |
| AI/ML | SageMaker | Azure ML | Vertex AI |
```hcl
# AWS Organizations
resource "aws_organizations_organization" "main" {
  # "ALL" enables the policy features (such as SCPs), not just consolidated billing
  feature_set = "ALL"
}

resource "aws_organizations_organizational_unit" "production" {
  name      = "Production"
  parent_id = aws_organizations_organization.main.roots[0].id
}

resource "aws_organizations_account" "prod-network" {
  name      = "prod-network"
  email     = "[email protected]"
  parent_id = aws_organizations_organizational_unit.production.id
}

resource "aws_organizations_account" "prod-workloads" {
  name      = "prod-workloads"
  email     = "[email protected]"
  parent_id = aws_organizations_organizational_unit.production.id
}

# Control Tower Landing Zone
module "landing_zone" {
  source  = "aws-quickstart/qs-cfn-labs"
  version = "1.0.0"

  # Shared Account
  master_account_email = "[email protected]"
  master_account_name  = "OrganizationMaster"

  # Log Archive
  log_archive_account_email = "[email protected]"

  # Audit
  audit_account_email = "[email protected]"

  # Organizations
  organizational_units = ["Production", "Development", "Sandbox"]

  # SSO
  sso_enabled = true
  sso_email   = "[email protected]"
}
```
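The organization and Production OU above give the accounts a place in the hierarchy, but nothing yet constrains what those accounts can do. Below is an added example (not part of the original configuration) of a service control policy attached to that OU; the region list and the policy name are assumptions, and the `aws_organizations_organization.main` resource must also set `enabled_policy_types = ["SERVICE_CONTROL_POLICY"]` for the attachment to succeed.

```hcl
# Added example (not from the page): an SCP as a guardrail for the Production OU.
# Requires the organization above to have feature_set = "ALL" and
# enabled_policy_types = ["SERVICE_CONTROL_POLICY"].
resource "aws_organizations_policy" "production_guardrails" {
  name        = "production-guardrails"
  description = "Baseline guardrails for accounts under the Production OU"
  type        = "SERVICE_CONTROL_POLICY"

  content = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # A member account must not be able to detach itself from the organization
        Sid      = "DenyLeaveOrganization"
        Effect   = "Deny"
        Action   = ["organizations:LeaveOrganization"]
        Resource = "*"
      },
      {
        # Protect the audit trail: trails cannot be stopped, deleted or altered
        Sid    = "DenyCloudTrailTampering"
        Effect = "Deny"
        Action = [
          "cloudtrail:StopLogging",
          "cloudtrail:DeleteTrail",
          "cloudtrail:UpdateTrail",
          "cloudtrail:PutEventSelectors"
        ]
        Resource = "*"
      },
      {
        # Pin workloads to approved regions (assumed values); global services are exempted
        Sid       = "DenyUnapprovedRegions"
        Effect    = "Deny"
        NotAction = ["iam:*", "organizations:*", "sts:*", "support:*", "cloudfront:*", "route53:*"]
        Resource  = "*"
        Condition = { StringNotEquals = { "aws:RequestedRegion" = ["eu-west-1", "eu-central-1"] } }
      }
    ]
  })
}

# Attach to the Production OU declared on the page; prod-network and
# prod-workloads inherit the guardrails through OU membership.
resource "aws_organizations_policy_attachment" "production" {
  policy_id = aws_organizations_policy.production_guardrails.id
  target_id = aws_organizations_organizational_unit.production.id
}
```

SCPs never apply to the management account, so administrative actions there still need to be restricted through IAM and monitored through the log archive and audit accounts the landing zone creates.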
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability