This section explains the core building blocks we use to create a Well-Architected lab environment that supports experimentation, learning, and delivery with the ability to explore and develop your opinions on enterprise security and governance processes and services.

As always, as I explore services, I push to minimise costs because this is primarily a learning environment. You'll find much of the configuration documented in the GitHub repositories as reusable snippets and packages of code for adaptation to your use cases.

Currently in the foundation

• Control Tower & Multi-Account Structure, including some AWS Config changes
• Security Services: GuardDuty, Inspector, Security Hub
• SSO / IAM Identity Center with a focus on CLI and development
• CodePipeline, CodeBuild, CodeDeploy for DevOps automation