01
Landing zone, on rails.
Control Tower with six accounts (prod, non-prod, security, audit, log archive, shared services), SSO, log archive, and guardrails. Provisioned before any workload lands.
SERVICE · 01 OF 04
Cloud architecture that doesn’t outgrow you.
A multi-account landing zone, the production VPC layout, the data plane, the deploy pipeline. We design every layer up front so the first workload you ship doesn’t become the architecture you’re stuck with.
WHAT'S INCLUDED
Three things every engagement ships.
02
Workload architecture.
API design, data plane, queueing, eventing. We pick the AWS service that fits the workload — not the one with the prettiest demo.
03
IaC and deploy.
CDK or Terraform, your call. We ship modules your team can extend, a CI pipeline that gates merges, and a rollback runbook.
OUR APPROACH
We make four kinds of decisions for you.
Account topology
- →Control Tower vs handrolled organisation
- →Shared-services and security accounts
- →Cross-account roles and SSO permission sets
- →Log archive + audit trail (CloudTrail, Config, GuardDuty)
Network & boundaries
- →VPC design, subnetting, Transit Gateway
- →Public surface area, WAF, edge routing
- →Egress strategy and NAT cost control
- →Private connectivity (VPC endpoints, PrivateLink)
Data plane
- →RDS / Aurora vs DynamoDB selection
- →Read replicas, multi-AZ, multi-region trade-offs
- →S3 lifecycle and intelligent tiering
- →Backup, snapshot, and DR runbooks
Compute & deploy
- →ECS Fargate / EKS / Lambda picked per workload
- →Blue/green and canary patterns
- →Image build, SBOM, and signing
- →Cost guardrails: budgets, alarms, anomaly detection
PACKAGES
Pick the shape that fits.
Landing zone
$8,500
- →Control Tower with six accounts
- →SSO + permission sets
- →Centralised log archive + GuardDuty
- →CI pipeline scaffolding
Workload build
from $24k
- →Full data + compute + API plane
- →IaC modules in your repo
- →Daily standup or async digest
- →Handover runbook + diagrams
Retainer
$6k/mo
- →2 days/week on your repos
- →Pager rotation backup
- →Ongoing architecture review
- →Cost optimisation as we go
READY WHEN YOU ARE
Let's get your AWS bill (and architecture) in order.
The discovery call is free. You walk away with at least one concrete idea — even if we never work together.