// 28 - Intro to Landing Zones

Continuing the 'Architecting for the Cloud, one pattern at a time' series, Chris and Peter Piper explore two closely related cloud design patterns for securing APIs and backend resources. The Gatekeeper pattern positions a dedicated host between untrusted clients and trusted backend services — handling authentication, authorization, request validation, protocol translation, and rate limiting. The Valet Key pattern complements it by issuing short-lived, scope-restricted tokens (such as Azure SAS tokens) so clients can access specific resources directly, reducing load on central services without sacrificing security. The episode covers practical implementation options on Azure including API Management, Azure Key Vault, and Azure App Configuration.

The Deployment Stamps pattern is a powerful cloud architecture approach for scaling, resilience, and multi-tenancy. In this episode, Chris Reddington is joined by John Downs — who contributed the pattern to the Azure Architecture Center — to explore how stamping out independent copies of your application stack across regions enables geographic distribution, data sovereignty, isolated failure domains, and deployment rings for staged rollouts. Discover when to use this pattern, how Azure itself relies on it internally, and the key considerations around request routing, cross-stamp querying, and disaster recovery planning.

Moving to Azure? Security has to come first. Chris is joined by cybersecurity expert Andrew Nathan to explore how organisations can build a strong security posture in the cloud — covering Azure Security Center and Secure Score, identity strategy (Azure AD vs. Azure RBAC), multi-factor authentication, threat modelling, Azure Policy and Management Groups for governance, and the evolution of security operations into red team/blue team war gaming. Whether you're starting your cloud journey or course-correcting an existing environment, this episode will help you understand where to begin and how to keep improving over time.