Why do you want AWS Control Tower?

Governance and compliance for your enterprise cloud landscape can be complex and time consuming. Control Tower helps you to quickly set up a multi-account well-architected Landing Zone that follows best practices.

Control Tower helps you manage compliance policies, detective and preventive controls, service portfolios, account life-cycles, cost and much more. Avoid the Undifferentiated Heavy Lifting and use what AWS gives you out of the box. That way you can focus on your customers.

The setup process

For the setup process I recommend using a new account. Therefore you will need 3 email addresses: One for the new account, which will become the management…


Why Do We Need Data Governance?

Every organisation needs to protect their data to avoid any leakages of confidential information and to meet regulatory requirements, such as GDPR (General Data Protection Regulation). A data protection strategy articulates how an organisation can be protected from data loss and the processes and controls that need to be in place for personal data. An ongoing data governance approach makes sure that the data management is performed in a secure and adequate way that aligns with your data protection strategy.

If we deal with sensitive PII (personal identifiable information) then we need more security controls compared to a solution that…


In my previous blog “Governance & Compliance Automation With AWS Config” we looked into the core concepts of AWS Config, how to set up compliance rules and automatically remediate them. In this write-up we will explore how AWS Config Aggregator can be used in an enterprise environment spanning all accounts and multiple regions.

Why Do You Need Enterprise Governance?

Every organisation wants to enable their teams to get new features out quickly to improve the digital customer experience. In large organisations there are typically inconsistent maturity levels between teams. …


Why Do You Need Governance and Compliance Rules?

Every organisation wants to improve the digital customer experience and speed up their release cycles to be ahead of the game. This means our environments and application footprints are continuously changing. Continuous change also means that there is a risk of misconfiguration, which can lead to malfunctions or security issues.

Therefore we want the configuration of our AWS resources continuously assessed, audited and evaluated. This is exactly what AWS Config does and once an unexpected configuration change is detected it can automatically be remediated if required.

How Does it Work?

AWS Config continuously monitors and records our configurations and allows us to automate the…


A few days ago I passed the AWS DevOps Professional exam and in this write-up I will share what I found useful in getting ready for the exam.

Why Should You Do the Exam?

The exam focuses on automating software development lifecycle, policies, standards, high availability and DR. All of those areas are very much needed for enterprise cloud solutions. The knowledge you gain during the preparation will help you to leverage the automation capabilities in the right way and keep your deployments maintainable, secure, scalable and resilient.

The exam focuses on the following six domains:


Imagine …

You are five years old,
it is Christmas time …

you are excited about Santa Claus bringing you that one present you were dreaming of for almost a year.

You are also amazed how Santa can actually do that: deliver presents to so many children all over the globe in one night — he must be a superhero!

Agile Santa
Agile Santa

Jingle Bells, Jingle Bells

Finally the time has come. You understand that he had no time to say hello — but he left you a wrapped gift box. Is it really that little white matchbox car that you were hoping for? …


What are Alexa Skills?

Alexa Skills are applications that extend the out-of-the-box capabilities of your Echo home assistant - similar to an app for your phone.
Before we get into the testing approach, I want to provide a short refresher on Alexa terminologies:
1. Skill: An application for Alexa - e.g. a trip planner
2. Intent: Representation of a particular action within a Skill - e.g. my next train
3. Utterance: Different ways of triggering an Intent - e.g. when does my next train depart
4. Slot: A parameter that can be used together with an Utterance to trigger an Intent - e.g. …


Last week I had the privilege of attending the AWS Partner Network Ambassador Global Summit in Seattle. A deep-dive session on Outposts triggered some thinking around the opportunities that Outposts offer. AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data centre, co-location space, or on-prem facility. You can extend your on-prem environment to AWS and leverage cloud native services across both worlds: public cloud and on-prem.

The service is not in GA (general availability) yet, but we can expect it to go live soon. Looking at the overall capabilities it is becoming clear that there…


Over the last few years Gerald Bachlmayr and Andrew Khoury have been responsible for building many Landing Zone implementations for a variety of customers across several industries.

In this blog post we’ll explain what a Landing Zone is, why you need one, and how they’re typically built in Enterprise environments. We’ll give you our recommendations for what to focus on in your cloud journey, and explore what happens when you leverage Amazon’s Landing Zone solution instead of building your own.

Why do we need Landing Zones?

Before you can launch production-ready applications in the cloud, your organisation needs to build and configure the fundamental components to…

Gerald Bachlmayr

AWS Chief Architect at Hostopia Australia.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store