Sold by: Horizon Digital
Production-ready AWS multi-account Landing Zone in 4-6 weeks. Control Tower, IAM Identity Center, SCPs, tag policy, budget alerts, handback runbook.
Overview
Horizon Digital stands up a production-grade AWS multi-account Landing Zone in 4-6 weeks: Control Tower, IAM Identity Center, baseline SCPs, tag policy, budget alerts - hardened against the controls our enterprise customers ask about.
Weeks 1-2 - Design: OU structure, account allocation (Security, Audit, Shared Services, Workloads), SSO with IAM Identity Center, SCP guardrails, and a tagging model that puts PRM attribution in place from day one.
Weeks 3-4 - Build: AWS Control Tower (or AWS Organizations + Identity Center + manual SCPs for environments where Control Tower is not a fit), CloudTrail Organization Trails, Config aggregator, GuardDuty, Security Hub, AWS Budgets, and the aws-apn-id tag policy.
Weeks 5-6 - Handback: Production-ready Landing Zone, written runbook covering account onboarding, IAM Identity Center user/group/permission set management, SCP changes, and budget alert response, plus a 30-day post-handback support window.
Who this is for:
- SMB tier - 4-week Standard Landing Zone: 3-10 accounts, single-region default (multi-region available), Control Tower-managed, baseline SCPs.
- Enterprise tier - 6-week Hardened Landing Zone: 10+ accounts, multi-region, custom OU design, hardened SCP set with cost and security guardrails, CIS or Essential Eight alignment, integration with the customer SIEM, optional Migration Acceleration Program (MAP) funding partnership.
Why Horizon Digital:
- AWS AI Services Competency partner. HD operates its own production AWS Organization with 13 accounts under hardened SCPs and tag policy enforcement.
- Australian-based delivery team. Privacy-policy-aligned to the Australian Privacy Principles (APP).
- Pairs naturally with AWS Migration Acceleration Program (MAP) funding - up to approximately 50 percent of professional services fee may be customer-funded by AWS.
Related AWS services: AWS Control Tower, AWS Organizations, IAM Identity Center, AWS Config, AWS CloudTrail, AWS GuardDuty, AWS Security Hub, AWS Budgets, AWS Cost Explorer, Resource Groups Tagging API.
Highlights
- Production-ready Landing Zone in 4-6 weeks: Control Tower, Identity Center, SCPs, tag policy, budget alerts. Handed back with a written runbook.
- aws-apn-id tag policy enforced from day one, so PRM attribution and cost governance are clean from the first new account onwards.
- Pairs with AWS Migration Acceleration Program (MAP) funding to offset up to half the engagement fee.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Support
Vendor support
For support, contact support@horizondigital.au .
Support hours: Monday to Friday, 09:00-17:00 AEST/AEDT.
Escalation: Horizon Digital routes inbound support requests internally to the engagement's delivery lead and account manager. Standard response time: 4 business hours.