ITGix Landing Zone

PCI DSS compliant AWS Landing Zone by ITGix

ITGix AWS Landing Zone is designed specifically for financial services companies, ensuring robust security and efficiency from the outset. Our solution is built to meet PCI DSS requirements from day one, so the account structure, logging and network controls that protect sensitive cardholder data are in place before the first workload is deployed. Leveraging end-to-end automation, we deliver a time-to-market of just 1-3 days. Additionally, our Landing Zone is aligned with the AWS Well-Architected Framework, ensuring best practices and optimal performance for your operations.

Key Benefits

PCI DSS Compliance and Auditability

  • The Landing Zone is developed with PCI DSS compliance in mind, so that your Cardholder Data Environment (CDE) is ready to be audited: it provides the account, logging and network controls of the CDE scope, while controls inside your own applications remain your responsibility
  • Automated security scanning: Continuous security scanning and automated compliance checks to maintain the highest standards

Centralized Security and Management

  • Single Sign-On (SSO): Centralized organizational login via SSO, optionally federated to SAML or OIDC identity providers such as Keycloak, Google Workspace, and Active Directory
  • Security Controls: Implementation of least privilege access, centralized user management, and resource isolation to enhance security
  • Network Security: Centralized egress, network firewall inspection of all outbound traffic, and web application firewall for inbound traffic

Cost Efficiency

  • Shared Services: Cost-efficient networking and VPN infrastructure with centralized VPNs supporting both Site-to-Site and Client VPNs. Cost efficiency increases as your infrastructure scales, because the "Hub and Spoke" approach centralizes networking instead of duplicating it per account
  • Optimized Egress Traffic: Maintain cost efficiency even with multiple application accounts by centralizing egress traffic management

Fast Time to Market

  • End-to-end automation: Fully automated provisioning of AWS accounts and services according to AWS Well-Architected Framework and best practices
  • Resource provisioning: Automated infrastructure provisioning, compliance checks, and configuration management to streamline processes and reduce manual effort

Advanced Networking and Integration

  • Centralized Network Firewall: Traffic inspection and routing through a centralized network firewall, with redundancy across three AZs for enhanced reliability
  • On-Premises Integration: Seamless integration with on-premises datacenters via AWS Direct Connect
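As an added example (not ITGix's own code), the Terraform below shows what the centralized egress inspection described above looks like in practice: an AWS Network Firewall with one endpoint per AZ, a strict-order stateful policy that drops anything not explicitly allowed, and an SNI allowlist so spoke workloads can only reach approved destinations. The inspection VPC, the three firewall subnets, the 10.0.0.0/8 spoke range and the allowed domain names are assumptions for illustration.

```hcl
# Added example, not ITGix's code: a centralized egress firewall with an
# SNI allowlist. Assumes an inspection VPC and three firewall subnets
# (one per AZ) already exist and are passed in as variables.
variable "vpc_id" { type = string }
variable "firewall_subnet_ids" { type = list(string) } # three AZs

# Stateful rule group: allow TLS only to the listed destinations.
# Rules are evaluated in the order written (STRICT_ORDER); the first
# rule lets the TCP handshake through before the SNI is visible, which
# a default-drop policy would otherwise block.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  name     = "egress-allowlist"
  type     = "STATEFUL"
  capacity = 100
  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set { definition = ["10.0.0.0/8"] } # assumed spoke CIDR range
      }
    }
    rules_source {
      rules_string = <<-EOT
        pass tcp $HOME_NET any -> $EXTERNAL_NET 443 (flow:not_established; sid:1; rev:1;)
        pass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; dotprefix; content:".amazonaws.com"; endswith; flow:to_server; sid:10; rev:1;)
        pass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:"api.psp.example"; startswith; endswith; flow:to_server; sid:11; rev:1;)
      EOT
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}

# Policy: all traffic reaches the stateful engine; anything not
# explicitly passed above is dropped and logged.
resource "aws_networkfirewall_firewall_policy" "egress" {
  name = "egress-inspection"
  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]
    stateful_engine_options { rule_order = "STRICT_ORDER" }
    stateful_default_actions = ["aws:drop_strict", "aws:alert_strict"]
    stateful_rule_group_reference {
      priority     = 1
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
  }
}

# One endpoint per AZ so a single AZ failure does not take egress down.
resource "aws_networkfirewall_firewall" "egress" {
  name                = "central-egress"
  vpc_id              = var.vpc_id
  firewall_policy_arn = aws_networkfirewall_firewall_policy.egress.arn
  dynamic "subnet_mapping" {
    for_each = toset(var.firewall_subnet_ids)
    content { subnet_id = subnet_mapping.value }
  }
}

# Ship alert logs (drops and alerted flows) to CloudWatch for the SIEM.
resource "aws_cloudwatch_log_group" "nfw_alerts" {
  name              = "/nfw/central-egress/alert"
  retention_in_days = 365 # PCI DSS requires at least a year of log history
}

resource "aws_networkfirewall_logging_configuration" "egress" {
  firewall_arn = aws_networkfirewall_firewall.egress.arn
  logging_configuration {
    log_destination_config {
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
      log_destination = {
        logGroup = aws_cloudwatch_log_group.nfw_alerts.name
      }
    }
  }
}
```

The spoke VPC route tables still have to point 0.0.0.0/0 at the firewall endpoint in the same AZ (via the transit gateway in a hub-and-spoke design); that routing is not shown here. Watch the alert log for drops after rollout: every legitimate destination that is missing from the allowlist shows up there before anyone files a ticket.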

Architecture

[Figure: ITGix Landing Zone architecture diagram]

Implementation Steps

Provision of a Management Account

Requires a credit card, a dedicated email address, and billing and contact information

Set Up MFA and IAM Users

Configure MFA on the management account's root user and create the minimal set of IAM users needed to bootstrap the management account (day-to-day access later goes through Identity Center)

Create Organizational Units (OUs) and Accounts

Using Terraform, create the necessary OUs and AWS member accounts

Enable Identity Center and Configure IdP Integration

Enable AWS IAM Identity Center (the successor to AWS SSO) and integrate it with your identity provider

Prepare S3 and DynamoDB for Terraform State

Set up an S3 bucket for Terraform state and a DynamoDB table for state locking, shared across accounts; the bucket should be versioned, encrypted, and restricted to the deployment role, since state files contain resource details and can contain secrets

Provision Services Across Accounts

Deploy necessary services using Terraform in management, shared services, logging/auditing, and application accounts
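The steps above, as one added Terraform example that is not ITGix's own code: it uses the S3/DynamoDB backend from step 5, creates the OUs and member accounts from step 3, and assigns a read-only Identity Center permission set to an IdP-provisioned group from step 4. It assumes it runs from the management account, that Identity Center is already enabled and connected to the IdP, and that the state bucket and lock table already exist; the bucket, table, OU, account, email and group names are illustrative.

```hcl
# Added example, not ITGix's code: minimal Terraform covering steps 3 to 5.
# Assumes it runs from the management account, that Identity Center was
# enabled and connected to the IdP in step 4, and that the state bucket
# and lock table from step 5 already exist. All names and emails are
# illustrative.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
  # Step 5: encrypted remote state with DynamoDB locking.
  backend "s3" {
    bucket         = "lz-terraform-state-example" # assumed bucket name
    key            = "organization/terraform.tfstate"
    region         = "eu-central-1"
    encrypt        = true
    dynamodb_table = "lz-terraform-locks-example" # assumed table name
  }
}

provider "aws" { region = "eu-central-1" }

# Step 3: organization with all features, OUs, and member accounts.
resource "aws_organizations_organization" "this" {
  feature_set                   = "ALL"
  enabled_policy_types          = ["SERVICE_CONTROL_POLICY"]
  aws_service_access_principals = ["sso.amazonaws.com", "cloudtrail.amazonaws.com"]
}

locals {
  ous = ["Security", "Infrastructure", "Workloads"]
  accounts = {
    "log-archive"     = { ou = "Security",       email = "aws+log-archive@example.com" }
    "shared-services" = { ou = "Infrastructure", email = "aws+shared-services@example.com" }
    "app-prod"        = { ou = "Workloads",      email = "aws+app-prod@example.com" }
  }
}

resource "aws_organizations_organizational_unit" "ou" {
  for_each  = toset(local.ous)
  name      = each.key
  parent_id = aws_organizations_organization.this.roots[0].id
}

resource "aws_organizations_account" "member" {
  for_each          = local.accounts
  name              = each.key
  email             = each.value.email
  parent_id         = aws_organizations_organizational_unit.ou[each.value.ou].id
  role_name         = "OrganizationAccountAccessRole" # assumed by Terraform in step 6
  close_on_deletion = false
  lifecycle { prevent_destroy = true } # never close an account by accident
}

# Step 4: a least-privilege Identity Center permission set, assigned to a
# group provisioned from the IdP (assumed to be synced via SCIM).
data "aws_ssoadmin_instances" "this" {}

resource "aws_ssoadmin_permission_set" "readonly" {
  name             = "ReadOnly"
  instance_arn     = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  session_duration = "PT4H"
}

resource "aws_ssoadmin_managed_policy_attachment" "readonly" {
  instance_arn       = aws_ssoadmin_permission_set.readonly.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

data "aws_identitystore_group" "auditors" {
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "Auditors" # assumed group name from the IdP
    }
  }
}

resource "aws_ssoadmin_account_assignment" "auditors_prod" {
  instance_arn       = aws_ssoadmin_permission_set.readonly.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  principal_id       = data.aws_identitystore_group.auditors.group_id
  principal_type     = "GROUP"
  target_id          = aws_organizations_account.member["app-prod"].id
  target_type        = "AWS_ACCOUNT"
}
```

The backend block cannot create its own bucket and table, so bootstrap them once with a separate configuration (or by hand) before `terraform init`. Step 6 then reuses the same pattern per account: a provider block that assumes `OrganizationAccountAccessRole` in each member account, with one state key per account so that a mistake in one workspace cannot corrupt another.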

Security Features

  • Web Application Firewall: Protects inbound traffic
  • Network Firewall: Inspects and secures outbound traffic
  • DDoS Protection: Optional protection via AWS Shield Advanced
  • Intrusion Detection and Vulnerability Scanning: Automated scans to detect and mitigate threats
  • Security Standard Compliance: Automated scanning for compliance with PCI DSS, NIST, and CIS Benchmarks

ITGix's AWS Landing Zone: secure, compliant, and efficient from day one. Contact us today to learn more.