【Design Guideline】Summary of Design Considerations for AWS


Created date: 2025/05/11, Update date: 2025/05/11


In this blog, we summarize the considerations that should be taken into account when building an AWS environment as "Design Guidelines."

Table of Contents


  1. What is a “Design Guideline”?
  2. Standardization Guideline
  3. Account Design
  4. Identity and Access Management
  5. Detective Controls
  6. Network Design / Infrastructure Protection
  7. Data Protection / Log Management
  8. Operations Management

What is a “Design Guideline”?

  • When developing systems using AWS, it is common to proceed with the system development workflow, including requirements definition, basic design, detailed design, implementation, testing, and operations.

  • Standardizing IT environments and operations during system development can improve efficiency and quality.

  • In AWS, it has become common to build multi-account environments within organizations. By utilizing standardized AWS services in such environments, system development efficiency and quality can be improved.

  • Establishing a “Standardization Guideline” as part of the formulation of multi-account environments, along with defining design and operational principles, is crucial.

  • In this blog, the “Design Guideline” outlines the considerations during the requirements definition and basic design phases of the system development workflow, as well as key points for formulating this “Standardization Guideline.”

  • The “Design Guidelines” for each AWS service are categorized based on the <Example Chapter Structure of Guidelines> described in Best Practices for Formulating AWS Standardization Guidelines | Amazon Web Services Blog .
    Note: The related materials linked above are written in Japanese.

  • The “Design Guidelines” for each AWS service detail the considerations during the requirements definition and basic design phases of the system development workflow, as well as key points for formulating this “Standardization Guideline.”

    • However, for “Network Design” and “Infrastructure Protection,” as well as “Data Protection” and “Log Management,” it is easier to proceed with considerations when these categories are combined, so they are not separated in the guidelines.

Standardization Guideline

  • Under preparation.

Account Design

【Design Guideline】Considerations for Introducing AWS Control Tower to Corporate Structure/Systems

As part of security measures for AWS environments in organizations, it has become common to establis ... [Read more]

【Guidelines】Considerations for Introducing AWS Organizations to Corporate Structure/Systems

When building an AWS environment, it has become common to use a multi-account structure to separate ... [Read more]

Identity and Access Management

【Guidelines】Considerations for Introducing AWS IAM / AWS IAM Identity Center to Corporate Organizations/Systems

AWS IAM Identity Center is a service for centrally managing authentication and authorization of user ... [Read more]

Detective Controls

【Guidelines】Considerations for Introducing AWS CloudTrail to Corporate Organizations/Systems

AWS CloudTrail is a service that monitors activities in your AWS account. When implementing security ... [Read more]

【Guidelines】Consideration for introducing Amazon GuardDuty to Corporate Organization/System

Amazon GuardDuty is a service that monitors activity in the AWS account and detects threats. In this artic ... [Read more]

【Guidelines】Consideration for introducing AWS Config to Corporate Organization/System

AWS Config is a service that allows you to manage configuration and record changes for AWS resources ... [Read more]

Network Design / Infrastructure Protection

  • Under preparation.

Data Protection / Log Management

  • Under preparation.

Operations Management

Thorough explanation of the aws:executeScript action for SSM Automation

SSM Automation can execute Python or PowerShell scripts by using the aws:executeScript action. When autom ... [Read more]

©2025 ContAID