The Flux7 Landing Zone

To support DevOps CI/CD efforts and increase velocity of application and services delivery, an integrated toolchain customized to the unique needs of the team is required. Mapping the myriad of possible tool combinations and coming to consensus can be difficult, particularly without first-hand experience with individual DevOps tools. The result can be over-engineering with overlapping tool functionality or a toolchain that fails to run smoothly and contains functional gaps.

Although we’ve implemented hundreds of DevOps projects, few toolchains are identical. Just as DevOps itself differs from business to business or team to team, so do the toolchains that produce real value, increasing efficiencies, removing constraints and automating activity. While many DevOps technologies are commonly deployed, it’s also important to use tools that teams are familiar with, that address a particular unique need, or that provide unique monitoring and security capabilities. As AWS consulting partners, we rely on Amazon for the bulk of Infrastructure as Code technology, building in cloud agnostic components where it makes sense.

Landing Zone


Amazon VPC
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

AWS Organizations
AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups.

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. Flux7 is an AWS Service Delivery Partner for AWS Service Catalog.

VPC NAT Gateway
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

Amazon Route 53
Amazon Route 53 is a highly available and scalable cloud DNS web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names into the numeric IP addresses.

AWS Direct Connect
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment.

Amazon CloudFront
Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. Flux7 is an AWS Service Delivery Partner for AWS WAF.

AWS Directory Service
AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

Cisco Transit VPC
A transit VPC simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks.

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.


At Flux7, we use a Security by Design framework. By building security in from the outset, we are able to code in security controls, and ensure best practices for handling personally identifiable information and PCI requirements are used. With compliance being an outcome of good security, Flux7 focuses on architecting secure systems from the ground

Every 100 milliseconds of downtime cost Amazon one percent in sales, and Google found that an extra .5 seconds in search page generation time dropped site traffic by 20 percent. Clearly, downtime and poor performance have a direct impact on retailers. For Rent-A-Center, Flux7 implemented best practices to help insure their systems from within against risk factors that would contribute to poor performance online. Introducing DevOps automation — including auto scaling of its containerized SAP Hybris application — Rent-A-Center increased the scalability and availability of its eCommerce site, meeting a 42% increase in traffic over Black Friday without missing a beat.


AWS CloudFormation
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. Flux7 is an AWS Service Delivery Partner for AWS CloudFormation.


A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings.


HashiCorp Terraform
HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. Flux7 is a HashiCorp Partner.


CloudBees Jenkins
Jenkins is an open source automation server. With Jenkins, organizations can accelerate the software development process by automating it. Jenkins manages and controls software delivery processes throughout the entire lifecycle, including build, document, test, package, stage, deployment, static code analysis and much more.


RedHat Ansible
Ansible is simple, agentless IT automation technology that can improve your current processes, migrate applications for better optimization, and provide a single language for DevOps practices across your organization. Flux7 is a RedHat Ansible partner.


Chef ensures that configuration policy is flexible, versionable, testable and human readable. Servers managed by Chef are continuously evaluated against their desired state, ensuring that configuration drift is automatically corrected, and configuration changes are universally applied.


Bitbucket Pipelines with Deployments lets you build, test and deploy with integrated CI/CD. Benefit from configuration as code and fast feedback loops.


AWS OpsWorks
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed and managed across your Amazon EC2 instances or on-premises compute environments.


Use GitHub on-premises with your own servers or in a private cloud with GitHub Enterprise. Improve your developer efficiency with flexible deployment options, centralized permissions, hundreds of integrations, technical support, and more.


AWS CodeCommit
AWS CodeCommit is a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure.


AWS CodeDeploy
AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.

AWS CodePipeline
AWS CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates. CodePipeline builds, tests, and deploys your code every time there is a code change, based on the release process models you define.

AWS CodeBuild
AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

Python is a programming language that lets you work more quickly and integrate your systems more effectively. You can learn to use Python and see almost immediate gains in productivity and lower maintenance costs.

JFrog Artifactory

Artifactory helps you speed up development by fitting in seamlessly with how your team works and providing them with a powerful API for automating processes.


AWS Config Rules
AWS Config allows you to codify your compliance with custom rules in AWS Lambda that define your internal best practices and guidelines for resource configurations. Using Config, you can automate assessment of your resource configurations and resource changes to ensure continuous compliance and self-governance across your AWS infrastructure. Flux7 is an AWS Service Delivery Partner for AWS Config.

AWS CloudTrail
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. Flux7 is an AWS Service Delivery Partner for AWS CloudTrail.

Amazon EC2 Systems Manager
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. Flux7 is an AWS Service Delivery Partner for Amazon EC2 Systems Manager.

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.

SonarQube provides the capability to not only show the health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.

Build, run and secure your AWS, Azure, Google Cloud Platform or Hybrid applications with Sumo Logic, a cloud-native, machine data analytics service for log management and time series metrics.

Aggregate, analyze and get answers from your machine data. Trigger custom actions and workflows to automate the collection and indexing of machine data critical to your organization’s operations and performance.


Amazon EC2 Parameter Store
AWS EC2 Systems Manager provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Flux7 is an AWS Service Delivery Partner for AWS EC2 Systems Manager, which contains Parameter Store.

HashiCorp Vault
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Flux7 is a HashiCorp partner with special services regarding Vault.

Ansible Vault

Vault is a feature of Ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plain text in your playbooks or roles. These vault files can then be distributed or placed in source control. Flux7 is a RedHat Ansible Partner.

Chef Data Bags
Data bags store global variables as JSON data. Data bags are indexed for searching and can be loaded by a cookbook or accessed during a search.