Update mkdocs configuration and move security guardrails document (#68)

* Update mkdocs configuration and move security guardrails document - Added a new navigation entry for "Security guardrails" in the AWS section of mkdocs.yml. - Removed the obsolete security guardrails document from the AWS design-build-and-deploy section. - Cleaned up mkdocs.yml by removing unnecessary trailing spaces. This update enhances the documentation structure by including relevant security guidelines while eliminating outdated content. * Fix links on aws security guardrails section - Updated bullet points to use asterisks for better readability. - Clarified restrictions on encryption, security services, logging, and account management. - Improved links to related documentation for IAM user management and user management documentation. These changes enhance the overall structure and accessibility of the security guidelines, ensuring users can easily understand and navigate the content. * Fix link to AWS Security & Compliance Guardrails document for improved navigation in the AWS landing zone overview. * Update mkdocs.yml to clarify AWS Security guardrails section - Renamed navigation entry from "Security guardrails" to "AWS Security and compliance guardrails" for improved clarity and consistency in the documentation structure.
bcgov · Dec 16, 2024 · 267ff13 · 267ff13
1 parent 892b950
commit 267ff13
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 14 deletions.
diff --git a/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md b/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md
@@ -103,7 +103,7 @@ The AWS Secure Environment Accelerator (ASEA) product provides a security framew
 
 The ASEA security framework ensures that you can develop and deploy applications in a secure, compliant, and controlled AWS environment, enabling them to focus on delivering innovative and effective digital services.
 
-For more information, see [AWS Security & Compliance Guardrails](../design-build-and-deploy-an-application/security-guardrails.md).
+For more information, see [AWS Security & Compliance Guardrails](./security-guardrails.md).
 
 ### Networking
 

diff --git a/...loy-an-application/security-guardrails.md → ...t-started-with-aws/security-guardrails.md b/...loy-an-application/security-guardrails.md → ...t-started-with-aws/security-guardrails.md
@@ -46,29 +46,29 @@ This means:
 ## Security and compliance
 
 1. Encryption:
-   - Encryption is mandatory for services like EBS volumes, RDS instances, and EFS file systems
-   - You can't disable encryption on resources that require it
+   * Encryption is mandatory for services like EBS volumes, RDS instances, and EFS file systems
+   * You can't disable encryption on resources that require it
 
    This means:
 
-   - When creating new S3 buckets, EBS volumes, or RDS instances, you must ensure they are encrypted. The system will enforce this, but be aware that you can't create unencrypted storage resources
+   * When creating new S3 buckets, EBS volumes, or RDS instances, you must ensure they are encrypted. The system will enforce this, but be aware that you can't create unencrypted storage resources
 
 2. Security services:
-   - You have limited ability to modify settings for services like GuardDuty, Security Hub, and Macie.
+   * You have limited ability to modify settings for services like GuardDuty, Security Hub, and Macie.
 
 3. Logging and monitoring:
-   - You can't modify or delete CloudWatch logs, alarms, and dashboards related to our managed infrastructure
-   - You can create your own CloudWatch alarms and dashboards, but you can't modify ones that are part of the protected infrastructure
+   * You can't modify or delete CloudWatch logs, alarms, and dashboards related to our managed infrastructure
+   * You can create your own CloudWatch alarms and dashboards, but you can't modify ones that are part of the protected infrastructure
 
 ## Account management
 
-- You can't perform high-level account actions such as leaving the AWS organization or closing the account
-- Creation of new IAM users and groups is restricted. A limited custom service is deployed in your accounts to create IAM users. See [IAM User Service](./iam-user-service.md) for more information
+* You can't perform high-level account actions such as leaving the AWS organization or closing the account
+* Creation of new IAM users and groups is restricted. A limited custom service is deployed in your accounts to create IAM users. See [IAM User Service](../design-build-and-deploy-an-application/iam-user-service.md) for more information
 
 Implications:
 
-- You can't create new IAM users or groups. If you need to onboard new team members or create new roles, you can do that using the [Product Registry](https://registry.developer.gov.bc.ca). See [BC Gov's Product Registry - User management documentation](./user-management.md) for more information
-- Be cautious when attaching policies that grant broad permissions. Use the least privilege principle when assigning permissions
+* You can't create new IAM users or groups. If you need to onboard new team members or create new roles, you can do that using the [Product Registry](https://registry.developer.gov.bc.ca). See [BC Gov's Product Registry - User management documentation](../design-build-and-deploy-an-application/user-management.md) for more information
+* Be cautious when attaching policies that grant broad permissions. Use the least privilege principle when assigning permissions
 
 ## Service restrictions
 
@@ -90,4 +90,4 @@ To provide a centralized view of costs across all accounts and projects, the Pub
 
 By following these guidelines, you help maintain the security and compliance of our AWS environment. If these limitations significantly impact your work, contact the Public Cloud team for guidance, workarounds, or to request exceptions for critical business needs.
 
-If you have any questions or need assistance, please contact the Public Cloud team at [email protected].
+If you have any questions or need assistance, please contact the Public Cloud team at <[email protected]>.
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -13,6 +13,7 @@ nav:
       - Get started with AWS:
           - Overview: aws/index.md
           - AWS Landing Zone overview: aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md
+          - AWS Security and compliance guardrails: aws/get-started-with-aws/security-guardrails.md
       - Design, build, and deploy:
           - Requirements: aws/design-build-and-deploy-an-application/requirements-for-building-your-application.md
           - User Management: aws/design-build-and-deploy-an-application/user-management.md
@@ -44,9 +45,9 @@ nav:
           - Azure Cost Management: azure/understanding-your-bill/azure-billing-and-cost-management.md
       - Upcoming features:
           - Domain Join: azure/upcoming-features/domain-join.md
-          - Express route: azure/upcoming-features/express-route.md          
+          - Express route: azure/upcoming-features/express-route.md
       - Enterprise support:
           - Azure Enterprise Support: azure/support/enterprise-support.md
 plugins:
   - techdocs-core
-  - git-revision-date-localized 
+  - git-revision-date-localized