Getting Started
This guide provides a step-by-step walkthrough for configuring and deploying the Data Landing Zone (DLZ). The DLZ streamlines the setup of a secure, scalable, and well-architected multi-account AWS environment. Let’s get started!
Quick Start
Prerequisites
Before starting, ensure you have the following tools installed and configured:
- AWS CLI: Installed and configured with credentials. Use an SSO User or IAM User in the management account with admin access or permissions to assume CDK roles and perform deployments. Ensure the AWS profile is properly configured in your ~/.aws config files.
- Node.js: Version 18 or higher.
- AWS CDK: Installed globally using npm install -g aws-cdk.
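A pre-flight check for the prerequisites above, as an added example that is not part of the DLZ project: it verifies the tools, the Node.js version, that the profile is defined, and that the profile resolves to the management account you expect. The script name, function names, and the two arguments are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# preflight.sh (hypothetical name): checks the DLZ prerequisites before any deployment.

# True when a Node.js version string such as "v18.19.0" is major version 18 or higher.
node_version_ok() {
  local major="${1#v}"
  major="${major%%.*}"
  case "$major" in ''|*[!0-9]*) return 1 ;; esac
  [ "$major" -ge 18 ]
}

# True when profile $1 is defined in the config file $2 or the credentials file $3.
# The config file names sections "[profile NAME]" (or "[default]"); credentials uses "[NAME]".
profile_defined() {
  local name="$1" config="$2" creds="$3" header
  if [ "$name" = "default" ]; then header="[default]"; else header="[profile $name]"; fi
  grep -qxF -- "$header" "$config" 2>/dev/null || grep -qxF -- "[$name]" "$creds" 2>/dev/null
}

# Runs every check, prints one line per failure, and returns the failure count.
# $1 = AWS profile name, $2 = expected management account ID (supplied by the caller).
preflight() {
  local profile="$1" expected="$2" failures=0 actual tool
  for tool in aws node cdk; do
    command -v "$tool" >/dev/null 2>&1 \
      || { echo "missing tool: $tool"; failures=$((failures + 1)); }
  done
  node_version_ok "$(node --version 2>/dev/null)" \
    || { echo "Node.js 18 or higher is required"; failures=$((failures + 1)); }
  profile_defined "$profile" "${AWS_CONFIG_FILE:-$HOME/.aws/config}" \
      "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}" \
    || { echo "profile '$profile' is not defined"; failures=$((failures + 1)); }
  # Confirm the credentials resolve to the management account, not a workload account.
  actual="$(aws sts get-caller-identity --profile "$profile" \
              --query Account --output text 2>/dev/null)"
  [ "$actual" = "$expected" ] \
    || { echo "profile resolves to '${actual:-unknown}', expected '$expected'"
         failures=$((failures + 1)); }
  return "$failures"
}

# Usage: ./preflight.sh <profile> <management-account-id>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The account check catches a profile that is valid but points at the wrong account, which the tool and version checks cannot detect.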
Step 1: Create a New CDK Project
Begin by creating a new AWS CDK project:
Step 2: Install the package
Install the AWS Data Landing Zone package:
Step 3: Create the Configuration
Define the basic configuration parameters for the DLZ. It is recommended to create this configuration in a separate file, such as config.ts or config.py, as it will be used by both CDK and local scripts.
Refer to the example projects for guidance:
The configuration requires the following:
- Control Tower: Ensure Control Tower is already set up. For details, see SOP - Control Tower Setup.
- Local Profile: Specify the AWS profile for local scripts like deploy and bootstrap. See Scripts and Commands for more details.
- Regions: Define the global and regional AWS regions. The global (home) region is where Control Tower is deployed, while the regional regions are additional managed regions. See Regions for more information.
- Mandatory Tags: Specify the mandatory tag values required for resources. Refer to Tagging for details.
- AWS Organization: Provide details about your AWS Organization, including the Organization ID, OU IDs, and Account IDs. Copy the IDs of accounts created by Control Tower, such as the management, security log, and security audit accounts. Additional accounts can be created manually or moved under the Workloads OU. For more details, see AWS Organization. In the code snippet below, we define a single development account.
Step 4: Use the Configuration in CDK
Pass the configuration to the Data Landing Zone construct. This will create the necessary stacks in the appropriate AWS accounts and regions. For more information, see Deployment Order.
Step 5: Bootstrap Accounts
All accounts and regions need to be CDK bootstrapped before deploying.
The DLZ provides utility functions that abstract the complexity of common tasks such as bootstrapping accounts across regions, running CDK diff or deploy commands, setting cost allocation tags, and more.
Use the bootstrapAll script or perform the process manually using bash and AWS CDK commands.
See Scripts and Commands for more details.
Let’s use the scripts. Create a standalone script file (e.g., scripts/bootstrap.ts or scripts/bootstrap.py) to handle bootstrapping.
The script uses the configuration file to identify the accounts and regions requiring bootstrap. This is why the configuration file is a standalone file: it is shared between the CDK and the scripts.
Then run the script:
Step 6: Deploy
Similar to the bootstrapAll script, a deployAll (deploy_all) script is also available.
Then run the script:
Alternatively, deploy the CDK application with the following command:
Next Steps
This guide covers the minimal setup required to get started. At this stage, only a few resources are deployed. Explore the documentation to learn about advanced configurations and features, such as creating non-overlapping VPCs, bastions, NAT gateways, Lake Formation setups and many more.