Sign up for our newsletter! →


What is a Landing Zone?

Written By
Landing zones by Jenny Tang

For most companies shifting to the cloud, the cloud environment and resources needed to set up numerous accounts is complex. The challenge grows when balancing efficiency with security–organizations want complete cloud environments as soon as possible without overlooking key elements such as establishing firewalls or access controls. Addressing this issue begins with a landing zone, a secured and well-architected multi-account cloud environment that acts as a starting point or template allowing organizations to quickly deploy users, accounts, and environments for business needs. It assists with automatically creating repeated workload accounts securely with customized baseline parameters, provides scalability as resources are configurable to match the needs of the organization, and provides security by dividing teams into multiple accounts for isolated workloads.

Benefits of Landing Zones

Configurable Automation

Landing zones are most efficiently deployed when using infrastructure as code (IaC) due to their ability to provision computing infrastructure in a cloud environment using code or configuration files. Codifying infrastructure into templates reduces the time and effort required for manual processes, such as spinning up multiple instances or laboriously navigating a user interface. IaC can automate the provisioning of infrastructure to create environments within minutes, facilitate duplication of resources and/or environments, and reduce configuration errors made by human mistakes.


Landing zones leveraging IaC grant a high degree of versatility and control over infrastructure provisioning and management. IaC also provides granular control over resource configurations and dependencies that fit the organization’s landing zone needs. Additionally, the flexibility of IaC spans multiple cloud providers, including AWS, Azure, Google Cloud, and more.


A landing zone provides a standardized architectural blueprint that includes network layout, security configurations, and logging based on best practices and security standards. Security within the cloud environment is one of the primary objectives of the landing zone and may incorporate data encryption, network segmentation, separation of duties, and more. Policy customization across accounts can dynamically secure the landing zone to fit organization requirements. Data isolation in the multi-account landing zone reduces the impact of potential security threats by containing incidents to their respective accounts.

Cost Optimization

Expenses can swell significantly in a cloud environment, especially when organizations lack a defined understanding of required resources and associated financial impact. Before starting cloud migration, a landing zone roadmap or architecture diagram must be prepared to assess infrastructure specifications. A robust design and planning phase creates a vital perspective of necessary resources, how they structurally interconnect, and their costs.


By leveraging Infrastructure as Code (IaC) principles, organizations can automate provisioning and enforce security and compliance within their landing zones. The landing zone architecture diagram assists with mapping resources and costs in the cloud environment. A landing zone leveraging IaC accommodates varying workloads and scales dynamically by defining assets and auto-scaling policies within code according to traffic patterns, performance, costs or business requirements.

Browse Our Categories

Relevant Blogs

Jeff Pemberton, Google Cloud, Carbon footprint, Hanabyte blog
Cloud Security

Reduce Your Carbon Footprint in Google Cloud (and be more secure!)

Google has many services that can be leveraged to create a low cost, secure environment for your cloud infrastructure; Load Balancing, Google Kubernetes Engine (GKE), Cloud Security Command Center, Intrusion Detection System, and Identity and Access Management (IAM). Google’s security mindset and sustainability initiatives overlap and strengthen each other in several ways.

Read More →
hanabyte blog, snowflake, haabyte, Patrick Davis
Cloud Security

Decoupling Security Data with Snowflake

By harnessing the power of a security data lake on a data platform like Snowflake, you can leverage near-infinitely scalable compute and storage capacity to change the story. With Snowflake’s ecosystem, you can ingest security data in any format and store it together.

Read More →