AWS Control Tower Setup
About Client
Wine-Searcher is a web search engine that helps find the price and availability of wine, whiskey, spirits, and beer worldwide.
It has been operating since 1999, with offices in New Zealand and the UK. The platform offers search tools, price comparison,
an extensive database, an encyclopedia, and news content to support all wine-finding needs.
- https://www.wine-searcher.com/
- Location: New Zealand & UK
Project Background
Peritos led the AWS Control Tower setup for Wine-Searcher, optimizing their cloud infrastructure.
The implementation streamlined governance, improved compliance, and enabled secure scalability.
Multiple accounts were consolidated and managed using AWS Organizations within Control Tower.
The environment was configured to meet specific business needs, ensuring efficient resource management
and cost control. With built-in automation and governance, Wine-Searcher gained a strong foundation
for future growth while focusing on innovation and user experience.
Scope & Requirement for AWS Control Tower Setup
- Prerequisite: Automated pre-launch checks for the management account
- Step 1: Create shared account email addresses
- Define expectations for landing zone configuration
- Step 2: Configure and launch the landing zone
- Step 3: Review and finalize the landing zone setup
Implementation

Technology and Architecture of AWS Control Tower Setup
- Read about the key components defining the AWS Control Tower architecture for Wine-Searcher
Technology / Services Used
We used AWS services to set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO integrated with Azure AD credentials
- Policies setup: AWS Service Control Policies (SCPs)
- Templates created for common AWS services
Security & Compliance
- Tagging policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site-to-site VPN using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC Flow Logs
Backup and Recovery
- Infrastructure follows AWS Well-Architected Framework with multi-zone availability and 99.99% uptime
Cost Optimization
Alerts and notifications are configured to monitor AWS costs and prevent budget overruns.
Code Management & Deployment
CloudFormation scripts for stack sets and AWS service provisioning were handed over to the client.
Challenges in Implementing AWS Control Tower Setup
- Landing Zone Drift
- Role Drift
- Security Hub Control Drift
- Trusted Access disabled
Support
- 1 month extended support
- CloudFormation templates to create additional AWS resources
- Screen-sharing sessions with demos for deploying services and workloads









