Expanding-SLZ-ManagementGroups.md

File metadata and controls

23 lines (17 loc) · 2.73 KB

Adding New Management Group Scopes to the SLZ

The SLZ deploys a standard set of management groups that are used to organize resources and manage policy assignments. This set also has the following recommended usage patterns:

  1. Connectivity - Used to host platform workloads that provide core networking capabilities
  2. Identity - Used to host platform workloads that provide identity management, access, and syncing capabilities
  3. Management - Used to host platform workloads that provide core monitoring and alerting capabilities
  4. Corp - Used to host application workloads that do not need to be accessed from the public internet
    • Public internet access restriction is provided by enabling the ALZ Policies
  5. Confidential Corp - Used to host application workloads that do not need to be accessed from the public internet but require use of confidential computing
    • Public internet access restriction is provided by enabling the ALZ Policies
  6. Online - Used to host application workloads that do need to be accessed from the public internet
  7. Confidential Online - Used to host application workloads that do need to be accessed from the public internet but require use of confidential computing
  8. Sandbox - Used to host isolated environments for testing workloads and capabilities
  9. Decommissioned - Used to host workloads or capabilities that are retired, but still need to be retained

The policy assignments provide guardrails designed to support these usage patterns: the Sovereignty Baseline policy initiatives enforce confidential computing SKUs and, if enabled, the ALZ policies focus on security best practices.

As organizations use the SLZ, they may find it useful to refine their management group structure to group workloads further or under different contexts. This can be achieved by using the parLandingZoneMgChildren parameter value to create additional sibling management groups alongside the Corp, Online, and Confidential variants.

Note that policy assignments for custom management groups are not created by the deployment; they must be managed as post-deployment steps, otherwise a custom sibling only inherits the assignments scoped at its ancestors and lacks the guardrails applied directly to Corp, Online, or the Confidential variants. Further developments will improve upon this customization experience.
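The two preceding paragraphs describe creating sibling management groups and the post-deployment gap in their policy assignments. The following added example (not SLZ code) models that check: it walks a constructed management group hierarchy, computes each group's effective assignments (direct plus inherited from ancestors), and reports which assignments a custom sibling is missing compared with the standard sibling it is modelled on. The hierarchy, the hypothetical custom group `pci`, and the assignment names are constructed sample data.

```python
"""Find policy-assignment gaps on custom landing-zone management groups.

Constructed example, not SLZ code: after adding sibling management groups via
parLandingZoneMgChildren, compare each custom group's effective assignments
(direct plus inherited from ancestors) against the sibling it is modelled on.
"""

# child -> parent. Constructed to mirror the SLZ set plus a hypothetical custom sibling "pci".
PARENTS = {
    "platform": "root", "connectivity": "platform", "identity": "platform",
    "management": "platform", "landingzones": "root", "corp": "landingzones",
    "online": "landingzones", "confidential-corp": "landingzones",
    "confidential-online": "landingzones", "sandbox": "root",
    "decommissioned": "root", "pci": "landingzones",
}

# (scope management group, assignment name). Constructed sample; names are illustrative only.
ASSIGNMENTS = [
    ("root", "sovereignty-baseline-global"),
    ("landingzones", "alz-landing-zones"),
    ("corp", "alz-deny-public-endpoints"),
    ("confidential-corp", "alz-deny-public-endpoints"),
    ("confidential-corp", "sovereignty-confidential-skus"),
]


def ancestry(mg, parents):
    """Return mg followed by its ancestors up to the root (root has no parent entry)."""
    chain = [mg]
    while chain[-1] in parents:
        chain.append(parents[chain[-1]])
    return chain


def effective_assignments(mg, parents=PARENTS, assignments=ASSIGNMENTS):
    """Assignments that apply to mg: scoped at mg itself or inherited from any ancestor."""
    scopes = set(ancestry(mg, parents))
    return {name for scope, name in assignments if scope in scopes}


def missing_relative_to(custom, reference, parents=PARENTS, assignments=ASSIGNMENTS):
    """Assignments in effect on the reference sibling but not on the custom group."""
    ref = effective_assignments(reference, parents, assignments)
    cur = effective_assignments(custom, parents, assignments)
    return sorted(ref - cur)


def gap_report(templates, parents=PARENTS, assignments=ASSIGNMENTS):
    """templates maps each custom group to the standard sibling it should match."""
    return {c: missing_relative_to(c, r, parents, assignments) for c, r in templates.items()}


if __name__ == "__main__":
    for custom, missing in gap_report({"pci": "confidential-corp"}).items():
        print(f"{custom}: missing {missing or 'nothing'}")
```

The real inputs would come from an export of the tenant's management group tree and its policy assignments; the check itself only needs the child-to-parent map and the (scope, assignment) pairs.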