Enterprise Foundation Architecture

Multi-Cloud Foundation Architectures

Enterprise-grade governance frameworks across all four major cloud platforms — with proper account isolation, security controls, centralized logging, and free-tier cost optimization strategies used by Fortune 500 companies.

Key figures: 11 AWS accounts, 4 cloud platforms, 100 projects hosted, $10 average monthly cost.

AWS Organizations

11-account hierarchy with OU structure, security isolation, and cost allocation

[Diagram: AWS Organizations Architecture]

A production-grade AWS Organizations setup with 11 accounts across 3 OUs — mirroring the Landing Zone architecture used by enterprise customers. Each account has a specific purpose, ensuring blast-radius containment and clean cost attribution.

6 Foundation Accounts

Management, Security Tooling, Logging Archive, Network Hub, Portfolio Hosting, and Sandbox — never deleted, always running.

5 Workload Accounts

Just-in-time accounts created per certification month — each gets a fresh 12-month free tier, maximizing cost efficiency.

IAM Identity Center SSO

Centralized single sign-on across all 11 accounts with permission sets and attribute-based access control.

Dedicated Sandbox

Safe experimentation environment isolated from production — no risk of impacting live workloads.
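The hierarchy described above, written out as an added Terraform example using the AWS provider; this is not code from the portfolio or from AWS. The page says there are 3 OUs but does not name them, so the OU names (Foundation, Workloads, Sandbox), the account e-mail domain, the home region and the permission-set name are assumptions. The management account already exists because it owns the organization, so only the other five foundation accounts are created here; the workload accounts would be added to the same map as each certification month starts.

```hcl
# Added example: AWS Organizations hierarchy in Terraform (AWS provider).
# Assumptions (not from the page): OU names, account e-mail domain, region, permission-set name.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed home region; run from the management account
}

# The organization itself, with all features (required for SCPs and IAM Identity Center).
resource "aws_organizations_organization" "org" {
  feature_set = "ALL"
  aws_service_access_principals = [
    "sso.amazonaws.com",        # IAM Identity Center
    "cloudtrail.amazonaws.com", # organization trail delivered to the logging archive
  ]
  enabled_policy_types = ["SERVICE_CONTROL_POLICY"]
}

# Three OUs under the root. Names are assumed; the page does not list them.
locals {
  ous = toset(["Foundation", "Workloads", "Sandbox"])
}

resource "aws_organizations_organizational_unit" "ou" {
  for_each  = local.ous
  name      = each.key
  parent_id = aws_organizations_organization.org.roots[0].id
}

# Foundation accounts, keyed by short name, mapped to the OU they belong in.
locals {
  foundation_accounts = {
    security-tooling  = "Foundation"
    logging-archive   = "Foundation"
    network-hub       = "Foundation"
    portfolio-hosting = "Foundation"
    sandbox           = "Sandbox"
  }
}

resource "aws_organizations_account" "account" {
  for_each  = local.foundation_accounts
  name      = each.key
  email     = "aws+${each.key}@example.com" # placeholder; every account needs a unique mailbox
  parent_id = aws_organizations_organizational_unit.ou[each.value].id
  role_name = "OrganizationAccountAccessRole" # cross-account role assumed from the management account

  lifecycle {
    prevent_destroy = true # foundation accounts are never deleted
  }
}

# IAM Identity Center: a read-only permission set that can later be assigned to any account.
data "aws_ssoadmin_instances" "sso" {}

resource "aws_ssoadmin_permission_set" "read_only" {
  name             = "ReadOnly" # assumed name
  instance_arn     = tolist(data.aws_ssoadmin_instances.sso.arns)[0]
  session_duration = "PT4H"
}

resource "aws_ssoadmin_managed_policy_attachment" "read_only" {
  instance_arn       = aws_ssoadmin_permission_set.read_only.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.read_only.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```

The `prevent_destroy` lifecycle rule is the code equivalent of "never deleted": a `terraform destroy` or an accidental removal from the map fails the plan instead of closing an account. Assigning the permission set to a group and an account is done with `aws_ssoadmin_account_assignment` once the Identity Center group exists.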

Azure Management Groups

Hierarchical subscription management with Azure Policy enforcement and free tier optimization

[Diagram: Azure Foundation Architecture]

Azure Management Groups hierarchy with CloudGuard Portfolio as the root, separating Platform and Landing Zones. Azure Policy assignments cascade down the hierarchy, enforcing consistent governance without manual per-subscription configuration.

Management Groups Hierarchy

CloudGuard Portfolio MG with Platform and Landing Zones separation — mirrors Azure CAF (Cloud Adoption Framework).

Azure Policy Governance

Centralized policy enforcement across all subscriptions — allowed regions, required tags, and security baselines.

Free Tier Maximized

10 App Services, 1M Functions executions/month, Cosmos DB 25GB, and B1s VM — all always free.
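The management group hierarchy and cascading policy assignments, as an added Terraform example with the azurerm provider (not the portfolio's own code). The management group IDs, the allowed region list, the required tag name and the subscription-ID variables are assumptions. Built-in definitions are looked up by display name so no definition GUIDs are hard-coded; the initiative display name is the current built-in name and would need adjusting if Microsoft renames it.

```hcl
# Added example: Azure management groups with policy assignments (azurerm provider).
# Assumptions (not from the page): group IDs, regions, tag name, subscription variables.

terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
  }
}

provider "azurerm" {
  features {}
}

variable "platform_subscription_ids"     { type = list(string) }
variable "landing_zone_subscription_ids" { type = list(string) }

# Root of the hierarchy, created under the tenant root group.
resource "azurerm_management_group" "portfolio" {
  name         = "cloudguard-portfolio" # assumed ID
  display_name = "CloudGuard Portfolio"
}

resource "azurerm_management_group" "platform" {
  name                       = "cg-platform"
  display_name               = "Platform"
  parent_management_group_id = azurerm_management_group.portfolio.id
  subscription_ids           = var.platform_subscription_ids
}

resource "azurerm_management_group" "landing_zones" {
  name                       = "cg-landing-zones"
  display_name               = "Landing Zones"
  parent_management_group_id = azurerm_management_group.portfolio.id
  subscription_ids           = var.landing_zone_subscription_ids
}

# Built-in definitions resolved by display name.
data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations"
}

data "azurerm_policy_definition" "require_tag" {
  display_name = "Require a tag on resources"
}

data "azurerm_policy_set_definition" "security_benchmark" {
  display_name = "Microsoft cloud security benchmark"
}

# Assigned once at the root group; inherited by Platform, Landing Zones and every subscription below.
resource "azurerm_management_group_policy_assignment" "allowed_locations" {
  name                 = "allowed-locations"
  management_group_id  = azurerm_management_group.portfolio.id
  policy_definition_id = data.azurerm_policy_definition.allowed_locations.id
  description          = "Deny resources outside the approved regions"
  parameters = jsonencode({
    listOfAllowedLocations = { value = ["eastus", "westeurope"] } # assumed region list
  })
}

resource "azurerm_management_group_policy_assignment" "require_env_tag" {
  name                 = "require-env-tag"
  management_group_id  = azurerm_management_group.portfolio.id
  policy_definition_id = data.azurerm_policy_definition.require_tag.id
  description          = "Deny resources created without an environment tag"
  parameters = jsonencode({
    tagName = { value = "environment" } # assumed tag name
  })
}

# Security baseline initiative, audit-mode by default, so findings show up in Defender/compliance views.
resource "azurerm_management_group_policy_assignment" "security_baseline" {
  name                 = "security-baseline"
  management_group_id  = azurerm_management_group.portfolio.id
  policy_definition_id = data.azurerm_policy_set_definition.security_benchmark.id
  description          = "Baseline security controls for all subscriptions"
}
```

Because all three assignments sit on the root management group, a subscription moved into Landing Zones later is covered automatically, which is the "no per-subscription configuration" property the section describes. The two deny policies block non-compliant deployments; the benchmark initiative only audits, so it never blocks a free-tier experiment but still records drift.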

GCP Organization

cloudguardportfolio.com organization with folder-based hierarchy and Organization Policies

[Diagram: GCP Foundation Architecture]

A GCP Organization tied to a custom domain with folder-based project isolation. Shared VPC enables centralized network management, while Organization Policies enforce guardrails across all projects and folders.

Folder Hierarchy

Platform and Landing Zones folders with nested projects — clean separation of shared services from workloads.

Shared VPC

Centralized network management with service projects — all workloads use the host project's VPC.

$300 Credits + Free Tier

e2-micro VM, 5GB Cloud Storage, 2M Cloud Functions invocations, and BigQuery 10GB — always free.
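The folder hierarchy, Shared VPC and organization-level guardrails above, as an added Terraform example with the google provider (not the portfolio's own code). The organization is resolved from the domain the page names; the project IDs, workload names, billing-account variable and the two specific constraints (resource locations and service-account key creation) are assumptions chosen to illustrate guardrails.

```hcl
# Added example: GCP folders, Shared VPC and Organization Policies (google provider).
# Assumptions (not from the page): project IDs, workload names, billing account, constraints.

terraform {
  required_providers {
    google = { source = "hashicorp/google" }
  }
}

variable "billing_account" { type = string }

# The organization is looked up from the custom domain.
data "google_organization" "org" {
  domain = "cloudguardportfolio.com"
}

resource "google_folder" "platform" {
  display_name = "Platform"
  parent       = data.google_organization.org.name # "organizations/<id>"
}

resource "google_folder" "landing_zones" {
  display_name = "Landing Zones"
  parent       = data.google_organization.org.name
}

# Shared VPC host project under Platform; workload (service) projects under Landing Zones.
resource "google_project" "network_host" {
  name            = "network-host"
  project_id      = "cg-network-host" # assumed; project IDs are globally unique
  folder_id       = google_folder.platform.folder_id
  billing_account = var.billing_account
}

resource "google_project" "workload" {
  for_each        = toset(["app-a", "app-b"]) # assumed workload names
  name            = each.key
  project_id      = "cg-${each.key}"
  folder_id       = google_folder.landing_zones.folder_id
  billing_account = var.billing_account
}

# Compute API must be enabled before a project can join a Shared VPC.
resource "google_project_service" "compute" {
  for_each = merge({ host = google_project.network_host }, google_project.workload)
  project  = each.value.project_id
  service  = "compute.googleapis.com"
}

resource "google_compute_shared_vpc_host_project" "host" {
  project    = google_project.network_host.project_id
  depends_on = [google_project_service.compute]
}

resource "google_compute_shared_vpc_service_project" "service" {
  for_each        = google_project.workload
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = each.value.project_id
  depends_on      = [google_project_service.compute]
}

# Organization Policies set on the organization apply to every folder and project beneath it.
resource "google_org_policy_policy" "resource_locations" {
  name   = "${data.google_organization.org.name}/policies/gcp.resourceLocations"
  parent = data.google_organization.org.name
  spec {
    rules {
      values {
        allowed_values = ["in:us-locations"] # assumed; a value group for this constraint
      }
    }
  }
}

resource "google_org_policy_policy" "no_service_account_keys" {
  name   = "${data.google_organization.org.name}/policies/iam.disableServiceAccountKeyCreation"
  parent = data.google_organization.org.name
  spec {
    rules {
      enforce = "TRUE"
    }
  }
}
```

With the host project attached this way, workloads get subnets from the network host project without owning any VPC themselves, and the organization policies cannot be overridden from inside a workload project, which is the point of setting them at the top of the tree rather than per project.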

Oracle Cloud Compartments

CloudGuard Portfolio Tenancy with nested compartments and the most generous always-free tier

[Diagram: OCI Foundation Architecture]

Oracle Cloud Infrastructure offers the most generous always-free tier of any major cloud provider. Its compartment-based hierarchy provides logical isolation equivalent to AWS accounts, with IAM policies enforced at each level.

Nested Compartments

Platform and Landing Zones compartments with IAM policy inheritance — security isolation without separate accounts.

4 Ampere A1 Cores — Always Free

24GB RAM + 200GB block storage — the most powerful always-free compute tier in the industry.

2 Autonomous Databases

20GB each with automatic backups, patching, and tuning — always free, forever.
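The nested compartments, policy inheritance and the Always Free Ampere A1 shape from the three items above, as an added Terraform example with the oci provider (not the portfolio's own code). The compartment and group names, and the variables for tenancy OCID, availability domain, subnet, image and SSH key are assumptions; the A1 shape configuration matches the 4-core, 24 GB allowance the page states.

```hcl
# Added example: OCI nested compartments, inherited IAM policies, Always Free A1 instance (oci provider).
# Assumptions (not from the page): compartment/group names, the input variables below.

terraform {
  required_providers {
    oci = { source = "oracle/oci" }
  }
}

variable "tenancy_ocid"        { type = string }
variable "availability_domain" { type = string }
variable "subnet_ocid"         { type = string } # subnet owned by Platform, assumed to exist
variable "image_ocid"          { type = string } # an aarch64 image OCID for the region
variable "ssh_public_key"      { type = string }

# Top-level compartments directly under the tenancy (root) compartment.
resource "oci_identity_compartment" "platform" {
  compartment_id = var.tenancy_ocid
  name           = "Platform"
  description    = "Shared services: network, logging, security tooling"
}

resource "oci_identity_compartment" "landing_zones" {
  compartment_id = var.tenancy_ocid
  name           = "LandingZones"
  description    = "Parent of all workload compartments"
}

# Nested workload compartment; isolation boundary for one workload.
resource "oci_identity_compartment" "workload_a" {
  compartment_id = oci_identity_compartment.landing_zones.id
  name           = "WorkloadA"
  description    = "First workload"
}

resource "oci_identity_group" "workload_admins" {
  compartment_id = var.tenancy_ocid # groups always live in the tenancy
  name           = "workload-admins"
  description    = "Operators of workload compartments"
}

# Attached to LandingZones: inherited by WorkloadA and any future sibling, grants nothing in Platform.
resource "oci_identity_policy" "workload_admins" {
  compartment_id = oci_identity_compartment.landing_zones.id
  name           = "workload-admins"
  description    = "Full control inside the landing zones only"
  statements = [
    "Allow group ${oci_identity_group.workload_admins.name} to manage all-resources in compartment ${oci_identity_compartment.landing_zones.name}",
  ]
}

# A statement that crosses into Platform must be attached at the tenancy, the common ancestor.
resource "oci_identity_policy" "shared_network_use" {
  compartment_id = var.tenancy_ocid
  name           = "workload-admins-shared-network"
  description    = "Let workload operators attach instances to Platform-owned subnets"
  statements = [
    "Allow group ${oci_identity_group.workload_admins.name} to use virtual-network-family in compartment ${oci_identity_compartment.platform.name}",
  ]
}

# Always Free Ampere A1: the allowance is 4 OCPUs and 24 GB in total per tenancy.
resource "oci_core_instance" "always_free_a1" {
  compartment_id      = oci_identity_compartment.workload_a.id
  availability_domain = var.availability_domain
  display_name        = "a1-always-free"
  shape               = "VM.Standard.A1.Flex"

  shape_config {
    ocpus         = 4
    memory_in_gbs = 24
  }

  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }

  create_vnic_details {
    subnet_id        = var.subnet_ocid
    assign_public_ip = false # reach it via a bastion or VPN rather than a public address
  }

  metadata = {
    ssh_authorized_keys = var.ssh_public_key
  }
}
```

The two policies show the inheritance rule in practice: a policy can only name compartments at or below the one it is attached to, so the landing-zone grant lives on LandingZones while the read/use grant on Platform's network has to sit at the tenancy. Splitting them this way keeps the `manage all-resources` statement scoped to workloads and never to shared infrastructure.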

Cost Optimization Strategy

Achieving 9 AWS certifications for $10–60/month through strategic provisioning

[Image: AWS Cost Dashboard]

Free Tier Maximization

Each workload account gets a fresh 12-month AWS free tier. By creating accounts just before each certification month, every project benefits from free EC2, RDS, Lambda, and S3 usage.

Just-In-Time Provisioning

Accounts are created right before a certification month begins and all resources are stopped or deleted immediately after the exam — eliminating idle spend.

Strategic Account Reuse

ML and networking accounts are reused across related certifications (MLE → MLS, ANS → SAP) to avoid unnecessary account proliferation.

Automated Budget Alerts

AWS Budgets with SNS alerts at 50%, 80%, and 100% thresholds across all accounts — no surprise bills, ever.
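The budget alerting described in the last item, as an added Terraform example with the AWS provider (not the portfolio's own code). It defines one monthly cost budget per member account from the management (payer) account, reading the account list from the organization so a just-in-time account created for the next certification month is picked up on the next apply. The $60 limit, topic name and the alert mailbox are assumptions.

```hcl
# Added example: AWS Budgets with SNS alerts at 50 / 80 / 100 %, one budget per member account.
# Assumptions (not from the page): the $60 limit, topic name, e-mail address, region.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # Budgets is a global service; keep its SNS topic in us-east-1
}

# Member accounts, read from the organization (run from the management account).
data "aws_organizations_organization" "current" {}

locals {
  member_accounts = {
    for a in data.aws_organizations_organization.current.non_master_accounts : a.name => a.id
  }
  thresholds = [50, 80, 100] # percent of the monthly limit
}

resource "aws_sns_topic" "budget_alerts" {
  name = "budget-alerts"
}

# The Budgets service principal must be allowed to publish to the topic.
data "aws_iam_policy_document" "budgets_publish" {
  statement {
    actions   = ["SNS:Publish"]
    resources = [aws_sns_topic.budget_alerts.arn]
    principals {
      type        = "Service"
      identifiers = ["budgets.amazonaws.com"]
    }
  }
}

resource "aws_sns_topic_policy" "budget_alerts" {
  arn    = aws_sns_topic.budget_alerts.arn
  policy = data.aws_iam_policy_document.budgets_publish.json
}

resource "aws_sns_topic_subscription" "email" {
  topic_arn = aws_sns_topic.budget_alerts.arn
  protocol  = "email"
  endpoint  = "cloud-alerts@example.com" # placeholder mailbox; confirm the subscription once
}

# One monthly cost budget per member account, filtered on LinkedAccount.
resource "aws_budgets_budget" "per_account" {
  for_each     = local.member_accounts
  name         = "monthly-${each.key}"
  budget_type  = "COST"
  limit_amount = "60" # assumed upper bound of the $10-60 range
  limit_unit   = "USD"
  time_unit    = "MONTHLY"

  cost_filter {
    name   = "LinkedAccount"
    values = [each.value]
  }

  # Actual spend crossing 50 %, 80 % and 100 % of the limit.
  dynamic "notification" {
    for_each = local.thresholds
    content {
      comparison_operator       = "GREATER_THAN"
      threshold                 = notification.value
      threshold_type            = "PERCENTAGE"
      notification_type         = "ACTUAL"
      subscriber_sns_topic_arns = [aws_sns_topic.budget_alerts.arn]
    }
  }

  # Forecasted spend on track to exceed 100 %, so an idle-resource leak alerts before month end.
  notification {
    comparison_operator       = "GREATER_THAN"
    threshold                 = 100
    threshold_type            = "PERCENTAGE"
    notification_type         = "FORECASTED"
    subscriber_sns_topic_arns = [aws_sns_topic.budget_alerts.arn]
  }
}
```

Defining the budgets in the payer account with a `LinkedAccount` filter avoids deploying anything into the short-lived workload accounts, and the per-account naming means the alert itself says which certification account is spending. The forecast notification goes beyond the three thresholds the page lists: it fires when the projected month-end total would exceed the limit, which catches a forgotten instance days earlier than the actual-spend alerts.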

Why This Architecture Matters

Demonstrating enterprise-level thinking beyond typical portfolio projects

Enterprise Architecture

AWS Organizations, multi-account strategies, and security isolation patterns used by Fortune 500 companies — not just a single sandbox account.

Cost Engineering

Achieving 9 certifications for $10–60/month demonstrates FinOps maturity and financial responsibility — a rare skill for cloud architects.

Security by Design

Centralized logging, dedicated security tooling account, IAM Identity Center SSO, and proper blast-radius containment from day one.

Operational Excellence

Documented lifecycle management, automation scripts, and strategic planning that goes well beyond entry-level cloud work.

See the Architecture in Action

100 production projects built on top of these foundations — each one documented with architecture diagrams, business context, and GRC mapping.
