Control Access to Landing Zones

⭐️⭐️⭐️⭐️🏒 Core

Implement automated policies to steer application teams to appropriate cloud platforms and landing zones based on metadata about the application team.

Cloud Foundation teams strive to help application teams move to the cloud smoothly without neglecting compliance and security. To meet organizational compliance demands, application teams usually have to meet a set of requirements before accessing the cloud.

When it comes to controlling access to something, one needs to ask “who” gets access and to “what”. Application teams (“who”) need to work within Landing Zones like Lift & Shift Landing Zone or Container Platform Landing Zone when building their application. Landing Zones are therefore a natural fit for the “what” in controlling access.

Example

Workloads processing data subject to EU Data Privacy regulations need to be handled differently at Likvid Bank. Furthermore, the connectivity needs of an application have consequences for the Landing Zone it can be placed in.

Likvid Bank application teams follow a Guided Cloud Onboarding that helps them decide on a Landing Zone and leads them through the necessary regulatory steps.

Application teams can only start consuming EU Landing Zones after the data privacy declaration has been filled out and archived.
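
The gate described in this example, sketched as deny-by-default policy evaluation over application team metadata. This is an added example, not meshStack's or Likvid Bank's code; the tag names, tag values and zone identifiers (including `sandbox`) are assumptions constructed for illustration.

```python
# Added illustration: all tag names, values and zone names are hypothetical.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LandingZone:
    name: str
    # Tag values the team's metadata must match exactly to be admitted.
    required_tags: dict = field(default_factory=dict)


# Constructed sample catalogue, modelled on the Likvid Bank example.
LANDING_ZONES = {
    "lift-and-shift-eu": LandingZone("lift-and-shift-eu", {
        "dataPrivacyDeclaration": "archived",
        "connectivity": "on-prem",
    }),
    "container-platform-eu": LandingZone("container-platform-eu", {
        "dataPrivacyDeclaration": "archived",
    }),
    "sandbox": LandingZone("sandbox"),
}


def evaluate_access(team_tags: dict, zone_name: str) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Unknown zones and missing tags deny."""
    zone = LANDING_ZONES.get(zone_name)
    if zone is None:
        return False, [f"unknown landing zone '{zone_name}'"]
    reasons = []
    for tag, expected in zone.required_tags.items():
        actual = team_tags.get(tag)
        if actual is None:
            reasons.append(f"missing tag '{tag}'")
        elif actual != expected:
            reasons.append(f"tag '{tag}' is '{actual}', requires '{expected}'")
    return (not reasons), reasons


def allowed_zones(team_tags: dict) -> list[str]:
    """List the landing zones a team may consume given its metadata."""
    return sorted(z for z in LANDING_ZONES if evaluate_access(team_tags, z)[0])


if __name__ == "__main__":
    team = {"dataPrivacyDeclaration": "draft", "connectivity": "internet"}
    print(allowed_zones(team))
    print(evaluate_access(team, "container-platform-eu"))
```

Returning the denial reasons alongside the decision gives the onboarding flow something concrete to show a team about which regulatory step is still open.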

Best Practices When Implementing Access Controls to Landing Zones

To arrive at a simple model for controlling access, classify application team use-cases along common requirements as described in Guided Cloud Onboarding.

  • meshStack

    meshStack automatically provisions and reconciles cloud tenants based on the desired state. This includes metadata (tags) as well as authorization (role assignments, groups).
