Campus Cloud Amazon Web Services (AWS) Environment

Global Infrastructure

An overview of the Amazon Web Services Global Infrastructure can be found here.

Regions

Amazon maintains over 20 Regions. The UCSB Campus Cloud is currently deployed in two regions, Oregon (US-West-2) and North Virginia (US-East-1). We limit our support to these two regions based on the availability of services.

Control Tower

AWS Control Tower is a service that provides a way to set up and govern a secure, compliant, multi-account AWS environment based on best practices established by AWS. Cloud administrators will know that accounts are aligned with centrally established, company-wide compliance policies. Control Tower is built on top of other AWS services including AWS Service Catalog, AWS Config, CloudWatch, CloudTrail, CloudFormation, and AWS Organizations.

AWS Control Tower has the following features:

  • Landing zone – A landing zone is a well-architected, multi-account AWS environment that’s based on security and compliance best practices. This is the enterprise-wide container that holds all of your organizational units (OUs), accounts, users, and other resources that you want to be subject to compliance regulation. A landing zone can scale to fit the needs of an enterprise of any size.

  • Guardrails – A guardrail is a high-level rule that provides ongoing governance for your overall AWS environment. It’s expressed in plain language. Two kinds of guardrails exist: preventive and detective. Three categories of guidance apply to the two kinds of guardrails: mandatory, strongly recommended, or elective.

  • Account Factory – An Account Factory is a configurable account template that helps to standardize the provisioning of new accounts with pre-approved account configurations. AWS Control Tower offers a built-in Account Factory that helps automate the account provisioning workflow in your organization.
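To illustrate the difference between reporting and blocking, here is an added example (not part of the original page and not UCSB's or AWS's own code) of a detective-style check: it reads CloudTrail records and reports, per account, any activity outside the two supported regions. The field names are standard CloudTrail record fields; the account IDs and log records are constructed, and the severity rule is an assumption.

```python
import json
from collections import defaultdict

# The two regions the page names as supported.
SUPPORTED_REGIONS = {"us-west-2", "us-east-1"}

def _rec(account, region, source, name, read_only):
    """Build one constructed CloudTrail-style record (helper for the sample only)."""
    rec = {"recipientAccountId": account, "eventSource": source,
           "eventName": name, "readOnly": read_only}
    if region is not None:
        rec["awsRegion"] = region
    return rec

# Constructed records in CloudTrail's {"Records": [...]} layout; not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("111111111111", "us-west-2", "ec2.amazonaws.com", "RunInstances", False),
    _rec("111111111111", "eu-west-1", "ec2.amazonaws.com", "RunInstances", False),
    _rec("111111111111", "eu-west-1", "ec2.amazonaws.com", "DescribeInstances", True),
    _rec("222222222222", "ap-southeast-1", "s3.amazonaws.com", "ListBuckets", True),
    _rec("222222222222", "us-east-1", "iam.amazonaws.com", "CreateUser", False),
    _rec("222222222222", None, "s3.amazonaws.com", "PutBucketPolicy", False),
]})

def out_of_region_findings(cloudtrail_json, supported=SUPPORTED_REGIONS):
    """Return one finding per (account, region) seen outside the supported set."""
    grouped = defaultdict(lambda: {"mutating": 0, "read_only": 0, "events": set()})
    for rec in json.loads(cloudtrail_json).get("Records", []):
        region = rec.get("awsRegion")
        if region in supported:
            continue
        # A record with no region is reported as "unknown" rather than dropped.
        key = (rec.get("recipientAccountId", "unknown"), region or "unknown")
        # Anything not explicitly marked read-only is counted as mutating.
        kind = "read_only" if rec.get("readOnly") is True else "mutating"
        grouped[key][kind] += 1
        grouped[key]["events"].add(f'{rec.get("eventSource")}:{rec.get("eventName")}')
    return [{"account": account, "region": region,
             "severity": "high" if g["mutating"] else "low",  # assumed rule
             "mutating": g["mutating"], "read_only": g["read_only"],
             "events": sorted(g["events"])}
            for (account, region), g in sorted(grouped.items())]

if __name__ == "__main__":
    for finding in out_of_region_findings(SAMPLE_LOG):
        print(finding)
```

A preventive control would reject the out-of-region request before it ran; this check only surfaces it afterwards for review.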

Core and Shared Services Accounts

Campus Connectivity

Legacy

Campus Cloud Microsoft Azure Environment

Campus Cloud Google Cloud Platform (GCP) Environment