Appvia Ltd

AWS Landing Zone

We deliver a fully automated AWS Landing Zone solution, based on the AWS Landing Zone Accelerator (LZA) TSE-SE project and aligned with AWS best practices. Our service delivers a fully-automated as code solution, ensuring robust infrastructure setup, governance, security and operational excellence, enabling seamless cloud adoption and scalability.

Features

• Automated AWS Landing Zone setup following best practices.
• Adherence to AWS Well-Architected Framework and 6 Pillars.
• Infrastructure configured as code for consistent reliable deployment.
• Comprehensive governance framework implementation.
• Security controls baked-in aligning to CIS, NIST, NCSC frameworks.
• Leverages well-known tooling; Terraform, CloudFormation, Checkov, Infracost, TFSec.
• Builds upon the official AWS Landing Zone Accelerator project.
• Centralised cross-account networking, ingress & egress controls and DNS management.
• Centralised billing, cost optimisation and FinOps Cloud Intelligence dashboards.
• Fully documented, delivered through paired working and training.

Benefits

• Compliance with CIS, NIST and other cloud security principles.
• Scalable architecture grows with business demands, ensuring future readiness.
• Enhanced security safeguards critical data and minimises risk exposure.
• Cost-effective solution minimises expenditure on manual processes.
• Accelerated cloud adoption reduces time to market for organisations.
• Govern multi-account, multi-tenant estates leveraging AWS best practices.
• Reduced complexity simplifies cloud migration and management for clients.
• Enable tenants to self-serve services within security guardrails.
• Constantly evolving offering to support the latest cloud native technology.
• Reduce risk by engaging an experienced delivery partner.

£60,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@appvia.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

104712871805632

Contact

Appvia
0203 488 4234
info@appvia.io

Planning

• Planning service: Yes
• How the planning service works: We facilitate a series of collaborative workshops with relevant stakeholders (platform leads, architects, network engineers, security, etc), covering:; ; - A review of current infrastructure, architecture, working practices and responsibility matrix (RACI).; - A retrospective with stakeholders to identify challenges within their existing AWS Organisation.; - Review and define an optimal organisational structure and governance, including account structure, service control policies, cost allocation, tagging strategies, security services and compliance controls.; - Evaluate networking architecture and design, covering connectivity requirements to design a secure, scalable and cost-efficient solution.; - Define the operating model, including a responsibility matrix, authentication, authorisation, and continuous integration / deployment (CI/CD) pipelines.; ; These initial workshops provide a comprehensive understanding of the buyer's existing environment and working processes, and inform the design and implementation of a AWS Landing Zone implementation aligned to the Well-Architected Framework and tailored to the buyer's bespoke requirements.; ; Through a fully automated as code approach, we orchestrate the setup of the AWS Landing Zone, configuring all infrastructure components including networking, identity, security and governance, using IaC principles. This automation not only accelerates the implementation process but also ensures consistency and reliability across environments.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Amazon Web Services (AWS)
  • Infrastructure as Code, Terraform, CloudFormation
  • Kubernetes (EKS)
  • Docker and containerisation
  • Container Registries (ECR)
  • Continuous Integration and Continuous Deployment
  • Platform and Application level monitoring
  • Centralised Logging
  • Identity Management

Training

• Training service provided: Yes
• How the training service works: We believe in fostering collaboration and empowering our clients to take ownership of their AWS Landing Zone solution. As part of our comprehensive service offering, we strongly recommend paired working sessions designed to equip your platform engineers with the knowledge and skills necessary to effectively manage and maintain the implemented infrastructure.; ; Our training approach is hands-on and interactive, ensuring active participation and engagement from your team members. Through a series of workshops and practical exercises, we guide your engineers through every aspect of the AWS environment, covering topics such as organisation and infrastructure setup, governance policies, security best practices, and operational workflows.; ; Rather than simply delivering a solution and walking away, we prioritise knowledge transfer and skill development, enabling your team to become self-sufficient in managing the AWS Landing Zone. By actively involving your platform engineers throughout the delivery process, we not only ensure a smooth transition but also foster a deeper understanding and sense of ownership over the solution.
• Training is tied to specific services: Yes
• Services the training service works with:
  • Amazon Web Services (AWS)
  • Landing Zone Accelerator (LZA)
  • Terraform
  • CloudFormation
  • CodeCommit / CodePipeline
  • SSO Identity Center and IAM
  • Transit Gateway, VPN and related networking components
  • AWS Organizations, Control Tower, Security Control Policies (SCP)
  • Security Hub and AWS Config
  • GitHub / GitLab

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Our AWS Landing Zone Solution, designed in accordance with the Well-Architected Framework Pillars and leveraging the official AWS Landing Zone Accelerator, facilitates a smooth transition to leveraging AWS cloud services. By adhering to AWS’ best practices, we ensure that our service provides a robust and secure foundation in the cloud for your applications. Our fully automated solution minimises human error and expedites repetitive tasks, establishing strong governance and operational controls from the outset.; ; This service simplifies cloud adoption by standardising and automating the configuration of foundational and org-level tasks such as; account provisioning, policy control, SSO and least-privileged access, IP address management (IPAM), network connectivity (across cloud and on-prem), traffic management (ingress/egress and firewall rules), security policies (SCPs, AWS Config, Security Hub, GuardDuty), among others.; ; Secure automation of these critical tasks enables your teams to focus on strategic operations rather than common infrastructure challenges. Scalability is considered within all design stages of the solution, ensuring that as your business grows (whether via migration strategies or otherwise), your AWS environment can efficiently adapt to support increased workloads, without compromising on performance or security.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • VMWare
  • OpenStack
  • Bare Metal

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: At Appvia we employ a thorough approach to every stage of the delivery process, ensuring your AWS Landing Zone solution meets the highest standards of reliability, security, and performance.; ; Our quality assurance covers every aspect of your infrastructure setup, governance policies, security controls, and operational workflows. Through templated and automated testing suites, and manual validation processes, we verify the functionality and integrity of your deployment approach and provisioned environments.; ; During the engagement we also provision a skeleton AWS organisation, used as a validation point before making changes to production; ensuring changes are safely validated prior to reaching any production environments.; ; We implement and configure cloud-native monitoring tools to track system performance, security incidents, and compliance adherence across the Organisation. This proactive approach enables you to swiftly address any anomalies or potential issues before they impact operations.; ; Our adherence to industry best practices, including the AWS Well-Architected Framework, ensures that your solution is not only robust but also aligned with recognised standards for cloud excellence.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Security audit services

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We offer comprehensive support services to ensure the ongoing success and smooth operation of your AWS Landing Zone solution.; ; Our dedicated support team is available to provide timely assistance and expert guidance whenever you need it. Whether you encounter technical challenges, have questions about best practices, or require troubleshooting assistance, our certified support professionals are available to help.; ; We offer various support channels, including a dedicated support portal, documentation, wiki articles, video and screen sharing sessions. Our responsive support team strives to provide prompt resolutions to your inquiries, minimising downtime and maximising productivity. Our support team is fully in-house, based in the UK, certified with AWS and experienced in both delivering and managing AWS Landing Zone solutions.

Service scope

• Service constraints: N/A - requirements will be defined as part of the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have strict SLAs for response times depending on the priority of the issue, varying from a production P1 incident up to a P4 general query. Our SLAs define response times as within 1 hour for the highest priority issues, for which we have on-call teams available 24/7 who are immediately notified in the event of an issue being raised.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A - This testing is completed by the product vendors we use.
• Support levels: Definitions:; Response: The time interval from when a customer raises a new issue, to when an Appvia support agent acknowledges the request and starts work on it.; Normal Business Hours: 9am - 5pm local UK time, Monday to Friday excluding UK Bank Holidays.; Enhanced Support Hours: 24 hours a day, 7 days a week, including UK Bank Holidays.; ; Standard Support Package:; P1, 4 hours response, Normal Business Hours; P2, 1 day response, Normal Business Hours; P3, 2 days response, Normal Business Hours; P4, 5 days response, Normal Business Hours; ; Enterprise Support Package:; P1, 1 hour response, Enhanced Support Hours; P2, 4 hours response, Enhanced Support Hours; P3, 1 day response, Normal Business Hours; P4, 2 days response, Normal Business Hours; ; A Technical Account Manager is provided as part of undertaking an on-going support contract.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 17/10/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Certified Kubernetes Security Specialist
  • AWS Certified Security - Specialty
  • Microsoft Certified: Azure Security Engineer Associate
  • Microsoft Certified: Cybersecurity Architect Expert

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Appvia's core purpose is to aid organisations in migrating to the Cloud, a more environmentally friendly and sustainable alternative to data centres by up to 93%. Appvia holds itself accountable to active action by its commitment to become Net Zero by 2050 and its Certified B Corp status. Businesses that hold this certification have been externally validated as operating at the highest levels of ethical, social and sustainability standards. It communicates Appvia’s dedication to creating positive impact as a business.; ; To achieve Net Zero and help fight climate change, Appvia has adopted the following carbon reduction targets. Short-term projections show that carbon emissions will decrease to 38.8 tCO2e by 2028. This is a reduction of 18.5%. Emissions will be reviewed annually against the 2023 baseline and published on the company website.; ; Appvia reports no emissions for Scope 1 or 2. The mentioned emissions are from Scope 3 which are emissions that the company itself does not produce, but by those that it’s indirectly responsible for in the value chain. Therefore to reduce Scope 3 emissions, Appvia will:; prioritise partnerships with suppliers that have a sustainability focus to become Net Zero by 2050 or earlier. The target for the end of 2024 is that 20% of suppliers will have this priority; reduce business travel emissions by 3.3% each year by encouraging business travel on public transport and using the company’s Cycle to Work Scheme; implement an electric car salary sacrifice scheme with a B Corp company. The scheme will be rolled out to eligible employees with email communication about the new benefit and a webinar to learn about the advantages and ask questions. The target is 15% uptake by the end of 2024; ; These targets will be monitored and reported on annually by People Operations.

  Covid-19 recovery

  To support the physical and mental well-being of its employees Appvia offers private healthcare as a benefit. Private healthcare is advantageous to health and care services by reducing the demand put on it. To aid the Covid-19 recovery, Appvia will make private healthcare a day-one benefit by the end of Q2 of 2024, replacing the current initial 3 months of postponement. Another target is to increase the number of employees signed up to the private healthcare scheme from 55% to 90% by the end of Q3 of 2024. This will be done by advertising the wide array of benefits the scheme offers, like mental health support and discounted gym memberships, through various channels such as the company Slack and email. People Operations will be responsible for communication and monitoring of uptake.; ; Appvia will continue its partnership with the University of Wales where it offers students the opportunity to gain hands-on experience learning with professional DevOps. The engineers teach subject matter such as Cloud computing and explain the technical challenges they face and how they overcome them. The target is annual workshops with 3 of Appvia’s DevOps, organised and monitored by the People Operations team.; ; Whilst new ways of working were introduced at Appvia during the height of Covid-19 like hybrid working and social distancing, further initiatives continue to be implemented. The isolation caused great stress and some people have struggled to return to life post-Covid. Appvia will host regular social events that encourage collaboration and teamwork varying from remote team quiz events to board game evenings. This mix of events provides inclusivity to those who are vulnerable and shielding at home. A target for 2024 is to increase attendance from an average of 63% to 80%. Attendance and feedback mechanisms will be monitored by People Operations to guarantee engagement.

  Tackling economic inequality

  By the end of Q3 2024, Appvia will have launched its Academy programme and enrolled five candidates. This programme will focus on hiring people who have completed training through the AWS re/Start scheme and upskilling them internally. This aims to tackle economic inequality as individuals can access the AWS re/Start scheme for free providing them with core AWS training alongside other areas such as security and networking. The scheme does not require any prior experience or qualifications, except a high school diploma of GED equivalent, which creates accessibility for careers in the cloud that may have been unavailable without it. Creating an Academy at Appvia means that talented and dedicated individuals are given job opportunities, with training provided in-house, without barriers such as university fees preventing them from doing so.; ; Alongside the Academy, Appvia will create between 20 to 60 new job opportunities in 2024 to support economic growth. Talent Acquisition will monitor and report on this target quarterly to SLT. Appvia is an inclusive employer so these roles will be accessible to everyone regardless of their background. ; ; Appvia currently participates in several measures to uphold its part as an ethical business. In 2024 these standards will be expanded throughout its supplier chain. This means asking suppliers to follow the Prompt Payment Code, a code of practice for businesses to encourage supplier payment in 30 to 60 days. This allows businesses to budget effectively and can be especially helpful for start-ups and small businesses. To help mitigate unnecessary cyber security risks, suppliers will be required to obtain Cyber Essentials certification. Appvia will also ask suppliers to join in its support of the Better Act, a coalition to change the law meaning businesses will have to consider the social and environmental impact of decisions, rather than just profits.

  Equal opportunity

  To tackle workforce inequality Appvia will promote social integration with a series of key activities. ; ; As a signatory of Tech Talent Charter, Appvia agrees to annually provide anonymised diversity data enabling companies to understand diversity in the tech space. Having market statistics means that Appvia can benchmark itself accordingly and see where improvements can be made. ; ; The engineering field is underrepresented by women, so Appvia will increase its involvement with the charity Codebar to help address this issue. Codebar empowers minorities in the tech space by organising free workshops for them to attend where they can strengthen their skills like coding. Appvia will host 3 of these workshops annually, as well as provide coaches. These workshops provide a space to help disadvantaged groups, including women, feel more confident in their abilities amongst their peers, reducing barriers to progression. ; ; To improve diversification in the workplace, Appvia will be attending job fairs hosted by Codebar and other relevant organisers to advertise and discuss job opportunities with a diverse talent pool. The People Operations team will be responsible for monitoring diversity data within Appvia and ensuring market standards are met or exceeded. Monthly reporting will guarantee that progress is being made. Any issues will be highlighted, allowing for corrective action to be taken such as reviewing hiring practices.; ; To help reduce the disability employment gap, Appvia will implement the following measures to make applying for a role a more accessible process. The measures to be completed Q2 of 2024 will include:; Updating the website by; introducing a vivid and calm version, changed by a toggle, so that people with ADHD don’t feel overwhelmed; allowing manual font size adjustment for the visually impaired; Introducing remote-only contracts for people unable to travel to the office due to their disability

  Wellbeing

  While Appvia has several measures in place to ensure the optimal health and wellbeing of its employees, such as private healthcare, a cycle-to-work scheme and free therapy, continual improvement is always required.; ; By the end of Q3 of 2024, Appvia will increase the number of trained mental health first aiders in the company from 10% to 20%. Training will be organised by People Operations. Having more trained mental health first aiders means more resources available for employees to share any difficulties they may experience and be offered support.; ; By the end of Q4 of 2024, Appvia will have rolled out a new Wellness Programme which will provide opportunities for employees to prioritise their physical and mental health. The Programme will introduce 5 mental health days so employees can take time off work to focus on their mental health. Daily exercise breaks will be booked into people’s calendars to remind them to move their bodies. Employees will be encouraged to have an optimised work-life balance by not checking work messages outside of working hours. The Programme will be implemented and rolled out by People Operations.; ; Appvia hosts quarterly Meetups for Cloud Platform Engineering London to strengthen the engineering community in London. These events help to educate people who want to learn about cloud, infrastructure and Kubernetes. They are free to attend to facilitate knowledge-sharing amongst peers and create easy access to information in the tech space. The Meetups improve community integration through the collaboration of external speakers from competing companies who come together to discuss shared interests. They also provide networking opportunities and foster a sense of belonging. Appvia will continue to host these events every 3 months, organised by the Talent Acquisition team, for the foreseeable future.

Pricing

• Price: £60,000 a unit
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@appvia.io. Tell them what format you need. It will help if you say what assistive technology you use.