← VAF·SA Framework
Vendor cloud frameworks — Well-Architected Frameworks, Cloud Adoption Frameworks, landing-zone blueprints, and governance baselines — describe platform-specific good practice. They define what a well-governed cloud environment looks like on a given platform, and they provide structured guidance for workload assessment, landing-zone design, and operational controls.
VAF·SA is not a replacement for any of these frameworks. It does not attempt to re-describe AWS security design, Azure identity topology, or Google Cloud organisation structure. Those topics are the vendor's domain.
VAF·SA describes how the architect operates in the space before and around vendor framework application: how to read a stalled engagement, extract missing intelligence from a vendor-heavy environment, resolve unclear ownership, navigate decision paralysis, and turn uncertainty into a recommendation the client can act on. That is a practitioner method problem — not a platform problem.
Vendor frameworks describe the destination. VAF·SA describes how to navigate the terrain between where the client is now and where the framework says they should be.
Vendor Framework
What good looks like
Platform-specific architecture principles, pillar definitions, landing-zone patterns, control baselines, and workload assessment tools.
VAF·SA
How the practitioner operates
The field method for reading environments, extracting intelligence, resolving ambiguity, selecting the right architecture instrument, and producing the minimum useful artefact under pressure.
This Reference Layer
How they map
Where VAF·SA modules align to cloud adoption, workload assessment, landing-zone design, and governance evidence collection — per vendor and vendor-neutral.
Each vendor reference page summarises the key frameworks, cloud adoption models, landing-zone patterns, and governance baselines for that platform — with notes on how VAF·SA applies in those contexts and links to official vendor documentation.
Amazon Web Services
AWS
Well-Architected Framework, Cloud Adoption Framework, Control Tower, Landing Zones, multi-account strategy.
View reference →
Microsoft Azure
Azure
Cloud Adoption Framework, Well-Architected Framework, Azure Landing Zones, management groups, Azure Policy.
View reference →
Google Cloud Platform
Google Cloud
Architecture Framework, Cloud Adoption Framework, landing-zone design, org hierarchy, Security Command Center.
View reference →
Oracle Cloud Infrastructure
OCI
Architecture principles, landing-zone patterns, tenancy and compartment design, Cloud Guard, Security Zones.
View reference →
Vendor-Neutral
Landing Zone Blueprint
14 enterprise landing-zone domains mapped across AWS, Azure, Google Cloud, and OCI.
View blueprint →
This mapping is not a prescription. It identifies where each module's practitioner activities and outputs connect to vendor framework concepts. A practitioner working a cloud engagement will move through VAF·SA modules in sequence while drawing on vendor framework reference material at each stage.
Cloud adoption context
- Cloud strategy — why the organisation is moving to cloud and what is driving the timeline
- Current-state maturity — what is already in cloud, what is on-premises, what is contested
- Ownership model — who controls cloud accounts, security tooling, and landing-zone standards
- Decision structure — who has the authority to approve platform and workload placement decisions
Vendor framework alignment
- AWS CAF: Business and People perspectives — strategy, readiness, stakeholder alignment
- Azure CAF: Strategy and Plan phases — motivations, outcomes, business case
- Google Cloud Adoption: Assess and align — current capabilities, organisational readiness
- OCI: Architecture principles review — tenancy strategy, ownership, compartment governance model
Cloud discovery context
- Workload discovery — what workloads are candidates for migration, modernisation, or re-architecture
- Platform readiness — are accounts, landing zones, and baselines in place or still being built
- Risk identification — what compliance, data residency, and security constraints apply
- Governance gaps — where policy, tagging, cost management, or access controls are absent
Vendor framework alignment
- AWS Well-Architected Review: workload assessment, risk identification across six pillars
- Azure CAF: Ready phase — landing zone assessment, environment validation
- Google Cloud: Workload assessment — portfolio analysis, migration path identification
- OCI: Landing-zone readiness review — compartment design, IAM, network baseline validation
Cloud design context
- Well-Architected pillar evaluation — which pillars are most relevant to the target workload
- Landing-zone design areas — account structure, identity, networking, security, monitoring
- Target-state options — lift-and-shift vs re-platform vs re-architect — and the trade-offs
- Platform blueprint decisions — which controls are mandatory, which are configurable
Vendor framework alignment
- AWS WAF: six pillars — Operational Excellence, Security, Reliability, Performance, Cost, Sustainability
- Azure WAF: five pillars — Reliability, Security, Cost, Operational Excellence, Performance
- Google Cloud Architecture Framework: six pillars — System Design, Operational Excellence, Security, Reliability, Cost, Performance
- OCI: architecture best practices — high availability, security, cost efficiency, operational model
Cloud artefact context
- Architecture Decision Records — capturing platform, workload placement, and control decisions
- Architecture on a Page — landing-zone topology, workload placement, data flows
- Heat Map — risk, readiness, and governance status across the workload or platform portfolio
- Workload assessment — structured evidence of WAF pillar evaluation and risk disposition
- Landing-zone decision pack — account structure, identity, network, security baseline decisions
Vendor framework alignment
- AWS: Well-Architected Review report, Landing Zone decision log, Control Tower configuration record
- Azure: Landing Zone design documentation, Azure Policy assignment record, governance baseline
- Google Cloud: Landing zone blueprint documentation, Org Policy record, Security Command Center configuration
- OCI: Landing zone configuration record, Cloud Guard policy set, Security Zones definition
Cloud communication context
- Executive narrative — cloud investment rationale, expected outcomes, risk posture
- Risk framing — what risks are accepted, mitigated, or deferred in the current cloud posture
- Governance recommendations — what policies, guardrails, and review cycles are proposed
- Stakeholder alignment — aligning security, finance, operations, and delivery on the platform design
Vendor framework alignment
- AWS CAF: Governance and Security perspectives — policy, risk, compliance framing for stakeholders
- Azure CAF: Govern phase — cost management, security baseline, identity, resource consistency communication
- Google Cloud: Governance and compliance framing — Org Policy, audit logging, security posture reporting
- OCI: Security posture reporting — Cloud Guard findings, Security Zones status, compartment policy review
Cloud operating model context
- Continuous improvement — platform baseline iteration, control refinement, coverage expansion
- Operational feedback — cost anomalies, security findings, performance drift, availability events
- Platform governance iteration — policy reviews, exception management, account onboarding cadence
- Cloud operating model refinement — who runs what, how issues are escalated, how changes are governed
Vendor framework alignment
- AWS: Well-Architected continual improvement, Operational Excellence pillar practices, Control Tower drift detection
- Azure: Manage and Govern phases — Azure Monitor, Cost Management, Defender posture iteration
- Google Cloud: Operational excellence pillar — SRE practices, Cloud Operations Suite, continuous compliance
- OCI: Cloud Guard continuous monitoring, Security Zones enforcement iteration, operational review cadence