This section explains the core building blocks we use to create a Well-Architected lab environment that supports experimentation, learning, and delivery with the ability to explore and develop your opinions on enterprise security and governance processes and services.
As always, as I explore services, I push to minimise costs because this is primarily a learning environment. You'll find much of the configuration documented in the GitHub repositories as reusable snippets and packages of code for adaptation to your use cases.
Currently in the foundation
- Control Tower & Multi-Account Structure, including some AWS Config changes
- Security Services: GuardDuty, Inspector, Security Hub
- SSO / IAM Identity Center with a focus on CLI and development
- CodePipeline, CodeBuild, CodeDeploy for DevOps automation