Financial Industry Focus on Identity

A customer engagement in 2020 focused on implementing an enterprise-grade AWS Organizations design with Azure AD federation. This was new ground for the entire team, but we eventually arrived at the following design.

The key components are Azure AD integration for centralized identity management over SAML 2.0; an AWS Organizations structure with a dedicated Control Tower landing zone; network isolation through a dedicated Transit Gateway and AWS Firewall Manager; and segregated workload environments for customers, development, and production.

The managed service implementations, including MongoDB, Prometheus and ECR, enable our client to maintain strict governance while giving teams the autonomy they need to innovate.

The multi-account strategy contains the blast radius of a compromised account or workload, while the centralized identity management streamlines access control: users authenticate once against Azure AD and are mapped to IAM roles in the accounts they are entitled to.
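As an added illustration of the identity and blast-radius points above (example code written for this page, not an artefact from the client's deployment), the following Python builds the IAM trust policy for an Azure AD SAML 2.0 federated role, audits it for the usual mistakes, and emits a service control policy for the workload accounts. The account ID and SAML provider name are placeholders, and the audit checks only the policy document itself.

```python
"""Added example for this page, not taken from the client's deployment:
build and audit the IAM trust policy for an Azure AD SAML 2.0 federated role,
and emit a service control policy (SCP) that keeps a compromised workload
account inside the blast-radius boundary. Account ID and provider name are
placeholders."""
import json

# Placeholder identifiers (assumptions, not the customer's real values).
ACCOUNT_ID = "111122223333"
SAML_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/AzureAD"
# AWS sets this audience on assertions it accepts for console/CLI sign-in.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(provider_arn: str) -> dict:
    """Trust policy allowing only assertions from one SAML IdP to assume the role.
    The SAML:aud condition rejects assertions that were issued to a different
    service provider, even if they carry the same issuer."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


def audit_trust_policy(policy: dict) -> list:
    """Return human-readable findings for common mistakes in a SAML trust policy.
    An empty list means these checks found nothing."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRoleWithSAML", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in (principal.get("AWS"), principal.get("Federated"))):
            findings.append(f"statement {i}: wildcard principal can assume the role")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != AWS_SAML_AUDIENCE:
            findings.append(f"statement {i}: missing or wrong SAML:aud condition")
    return findings


def workload_guardrail_scp() -> dict:
    """SCP for the workload OUs. Member accounts cannot leave the Organization
    (which would drop them out of every other guardrail) and cannot alter the
    IdP registration that the centralized identity design depends on."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyLeavingOrganization",
                "Effect": "Deny",
                "Action": "organizations:LeaveOrganization",
                "Resource": "*",
            },
            {
                "Sid": "DenySamlProviderTampering",
                "Effect": "Deny",
                "Action": [
                    "iam:CreateSAMLProvider",
                    "iam:UpdateSAMLProvider",
                    "iam:DeleteSAMLProvider",
                ],
                "Resource": "*",
            },
        ],
    }


if __name__ == "__main__":
    policy = saml_trust_policy(SAML_PROVIDER_ARN)
    print(json.dumps(policy, indent=2))
    print("trust policy findings:", audit_trust_policy(policy) or "none")
    print(json.dumps(workload_guardrail_scp(), indent=2))
```

The trust policy is only half of the mapping: which Azure AD group lands in which role is set in the Azure AD enterprise application's Role claim, whose value pairs the role ARN with the provider ARN, so group changes on the Azure AD side take effect without touching AWS. The audit deliberately stays with the policy document; it does not verify that the IdP signing certificate registered with the SAML provider is current, which is a separate operational check.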
