Merge pull request #46 from bcgov/dev
bugfix
MaxWardle authored Sep 12, 2024
2 parents b3ec407 + 2aaa110 commit 52eb9bd
Showing 6 changed files with 39 additions and 39 deletions.
10 changes: 5 additions & 5 deletions docs/design-build-and-deploy-an-application/iam-user-service.md
Expand Up @@ -12,15 +12,15 @@ To create an IAM user:

1. Insert a new item into the DynamoDB table `BCGOV_IAM_USER_TABLE`

![table](images/iam-user-service/table.png)
![table](../images/iam-user-service/table.png)

2. Set the `UserName` attribute to the desired IAM username

![create-user](images/iam-user-service/create-user.png)
![create-user](../images/iam-user-service/create-user.png)

A Lambda function will trigger to create the IAM user, generate an access key, and store it in the SSM Parameter Store. This function also runs hourly to rotate keys as needed and ensure DynamoDB table entries align with actual IAM account users, removing any discrepancies.

![iam-user](images/iam-user-service/iam-users.png)
![iam-user](../images/iam-user-service/iam-users.png)

### IAM username constraints

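Review bot: the commit message "bugfix" does not say what was broken; since every hunk in this commit prefixes a relative link or image path with `../`, a message such as "Fix relative links and image paths after docs moved into subdirectories" would let a reader understand the change without opening each file. On the paths themselves, `../images/iam-user-service/...` from `docs/design-build-and-deploy-an-application/` resolves to `docs/images/`, so please confirm the images directory actually sits there. Minor: the third image uses alt text `iam-user` for a file named `iam-users.png`; consider aligning them while touching the line.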
Expand Down Expand Up @@ -59,7 +59,7 @@ The Lambda function manages key rotation by monitoring the age of the keys. When
}
```

![parameter](images/iam-user-service/parameter.png)
![parameter](../images/iam-user-service/parameter.png)

## Setup automation to retrieve and use keys

Expand Down Expand Up @@ -121,4 +121,4 @@ Example policy that allows s3 actions only to a specific ip range:

## Related pages

- [B.C. Government AWS Landing Zone overview](bc-gov-aws-landing-zone-overview.md)
- [B.C. Government AWS Landing Zone overview](../get-started/bc-govs-aws-landing-zone-overview.md)
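Review bot: this line changes more than the directory prefix: the target filename goes from `bc-gov-aws-landing-zone-overview.md` to `bc-govs-aws-landing-zone-overview.md`. That matches the `docs/get-started/bc-govs-aws-landing-zone-overview.md` file edited later in this commit, but a reader diffing only this line will read it as a typo, so state the rename in the commit message.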
8 changes: 4 additions & 4 deletions docs/design-build-and-deploy-an-application/networking.md
Expand Up @@ -19,11 +19,11 @@ This streamlined approach eliminates the need for duplicating resources across m

The distinction between the Shared Networking and Perimeter accounts is driven by the need for "separation of duties" in networking and security. In essence, ASEA's networking architecture guarantees centralized, well-organized, and secure communication. This is achieved through Transit Gateway routing, distinct security measures for the Perimeter VPC, and efficient resource management in the Shared Network account, as depicted in the B.C. Government ASEA's networking diagram below:

![networking-architecture](images/networking/network-architecture.png)
![networking-architecture](../images/networking/network-architecture.png)

Another useful diagram provided by AWS shows how all workload VPCs exist in the Shared Networking account and utilized in every workload account based on the OU that they reside in.

![shared-vpc](images/networking/shared-vpc.png)
![shared-vpc](../images/networking/shared-vpc.png)

For further reading beyond this document please visit the [AESA network architecture docs](https://aws-samples.github.io/aws-secure-environment-accelerator/latest/architectures/sensitive/network/). We use the [GWLB architecture](https://aws-samples.github.io/aws-secure-environment-accelerator/latest/architectures/sensitive/diagrams/#14-additional-perimeter-patterns) with third-party firewalls.

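Review bot: the unchanged context line directly below the second image reads "AESA network architecture docs", which looks like a transposition of ASEA (the acronym used everywhere else in this file), and the line above the image reads "exist in the Shared Networking account and utilized in every workload account" (missing "are"). Both are adjacent to lines this hunk already touches, so fix them here rather than in a follow-up.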
Expand Down Expand Up @@ -65,7 +65,7 @@ Workload VPCs are strategically structured for Development (Dev), Testing (Test)

- **Configuration details (CIDR Blocks)**
- **CIDR Blocks**
- Each Workload VPC has a /16 CIDR block. Because all accounts in a specific OU share the same VPC that means that all teams in the ASEA share the same IP pools in the specific environments. For example if we have 20 [project sets](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) in the ASEA that's 20 Dev accounts all existing in the same Dev VPC and sharing the same /16 CIDR block.
- Each Workload VPC has a /16 CIDR block. Because all accounts in a specific OU share the same VPC that means that all teams in the ASEA share the same IP pools in the specific environments. For example if we have 20 [project sets](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) in the ASEA that's 20 Dev accounts all existing in the same Dev VPC and sharing the same /16 CIDR block.

- **In the BC Gov ASEA:**
- Dev VPC: /16
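Review bot: `networking.md` is itself in `docs/design-build-and-deploy-an-application/` (see the file header for this diff), so the new link `../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#...` climbs out of the directory and straight back in. It resolves, but a same-directory link `deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set` is shorter and survives a future rename of the parent directory.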
Expand Down Expand Up @@ -148,7 +148,7 @@ Generally, in the ASEA we recommend one of two methods of exposing services to t
Making strategic choices between AWS API Gateway and ALBs is essential for optimizing cloud architecture. API Gateway is the preferred option for internet exposure, catering to modern applications using RESTful APIs and serverless computing. ALBs are should only be used for supporting legacy applications, and require integration support from the Public Cloud team.

**Create an API in API Gateway**
For general instructions on how to cerate an API gateway and safely expose it to the internet please see this [AWS documentation on HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html). For ASEA specific examples deployed using Terraform via GitHub Actions please see our [serverless, or container based sample applications](./design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#sample-applications). Creating resources via Terraform/ automation is always preferred.
For general instructions on how to cerate an API gateway and safely expose it to the internet please see this [AWS documentation on HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html). For ASEA specific examples deployed using Terraform via GitHub Actions please see our [serverless, or container based sample applications](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#sample-applications). Creating resources via Terraform/ automation is always preferred.

**Benefits of using API Gateway and VPC Link**
- **Security and isolation** API Gateway and VPC Link provide a secure and isolated connection between your internet-facing API and backend services within a VPC. AWS WAF can also be used alongside your API gateway.
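Review bot: the changed line keeps the typo "cerate" (create), and the unchanged line two above it reads "ALBs are should only be used"; since the paragraph is being edited anyway, fix both in this commit. The old path `./design-build-and-deploy-an-application/...` would have resolved, from this file, to a non-existent nested directory, so the change is correct; the same same-directory simplification suggested for the earlier hunk applies here too.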
Expand Up @@ -6,11 +6,11 @@ The following sections describe the requirements for building your application o

## Prerequisites

1. Create a [provisioning request for a project set](get-started/provision-a-project-set.md) for your team on the B.C. Government Public Cloud
1. Create a [provisioning request for a project set](../get-started/provision-a-project-set.md) for your team on the B.C. Government Public Cloud

2. Once approved, your project set will be provisioned followed up by an email sent to the Product Owner and Technical Lead once the provisioning is complete

3. Request access for the reset of the team by submitting a request to <[email protected]>. Refer to the guidelines on what details to include in your request for [account access](get-started/provision-a-project-set.md#account-access)
3. Request access for the reset of the team by submitting a request to <[email protected]>. Refer to the guidelines on what details to include in your request for [account access](../get-started/provision-a-project-set.md#account-access)

## Limitations of the AWS Landing Zone

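Review bot: the touched step 3 still reads "Request access for the reset of the team"; it should be "the rest of the team". Step 2, "provisioned followed up by an email sent", is also awkward and is inside this hunk's context; "provisioned, and an email is sent to the Product Owner and Technical Lead once provisioning is complete" reads more cleanly.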
Expand All @@ -26,12 +26,12 @@ Take the following into consideration when building your application on the AWS

* Most networking is under the management of AWS Landing Zone and is not subject to change. Security groups are the exception to this rule

* IAM Users and their access keys can only be generated by the [IAM User management service](design-build-and-deploy-an-application/iam-user-service.md), which is created and managed by the Public Cloud team
* IAM Users and their access keys can only be generated by the [IAM User management service](../design-build-and-deploy-an-application/iam-user-service.md), which is created and managed by the Public Cloud team


## Other requirements and best practices

To use GitHub Actions for deploying your application, [OpenID Connect (OIDC) authentication](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws) is required.
To use GitHub Actions for deploying your application, [OpenID Connect (OIDC) authentication](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws) is required.

To deploy your application:

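Review bot: the file header for this diff is not visible in this view, so the directory this page lives in cannot be confirmed from the hunk alone; if it is in `docs/design-build-and-deploy-an-application/` the new `../design-build-and-deploy-an-application/` prefix is redundant in the same way as in `networking.md`, and if it is elsewhere under `docs/` the prefix is required. Please confirm the location before merging. Separately, the two consecutive blank lines before `## Other requirements and best practices` can be collapsed to one.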
Expand Down Expand Up @@ -74,15 +74,15 @@ To apply this configuration, follow these steps:

1. Open a terminal in the directory where you saved your Terraform script.

Ensure you have AWS credentials, obtainable by visiting the AWS login page and clicking on the `Click for Credentials` button for the desired authorization role as shown in the image below. ![aws-credential-cli](images/requirements-for-building-your-application/aws-credential-cli.png)
Ensure you have AWS credentials, obtainable by visiting the AWS login page and clicking on the `Click for Credentials` button for the desired authorization role as shown in the image below. ![aws-credential-cli](../images/requirements-for-building-your-application/aws-credential-cli.png)

2. Copy the credential

![aws-credential-cli](images/requirements-for-building-your-application/click-credential.png)
![aws-credential-cli](../images/requirements-for-building-your-application/click-credential.png)

3. Paste the copied credential

![aws-credential-cli](images/requirements-for-building-your-application/terminal.png)
![aws-credential-cli](../images/requirements-for-building-your-application/terminal.png)


4. Initialize your Terraform configuration:
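Review bot: in step 1 the image is appended to the end of the sentence on the changed line (`... as shown in the image below. ![aws-credential-cli](...)`), whereas steps 2 and 3 put their images on a separate line after a blank line. Move it onto its own line so "below" is accurate and the three steps render consistently. All three images also share the alt text `aws-credential-cli` although the files differ (`aws-credential-cli.png`, `click-credential.png`, `terminal.png`); descriptive alt text per image would help screen-reader users.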
Expand All @@ -108,11 +108,11 @@ This combined approach of Terraform AWS CLI and VSCode streamlines the deploymen

## Next steps

- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)

## Related pages

- [Provision a project set](get-started/provision-a-project-set.md)
- [Account access](get-started/provision-a-project-set.md#account-access)
- [Configuring GitHub Action OIDC Authentication to AWS](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [Configuring GitHub Action OIDC Authentication to AWS](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws)
- [Deploy an application to the B.C. Government AWS Landing Zone](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
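Review bot: "Deploy an application to the B.C. Government AWS Landing Zone" now appears under both "Next steps" and "Related pages" with the identical target; keep it in one list. The `../design-build-and-deploy-an-application/` prefix question raised for the earlier hunk in this file applies to these four links as well.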
Expand Up @@ -17,7 +17,7 @@ One of the key updates is the introduction of a comprehensive user management fe
4. **Admins**
5. **Security auditors**

![AWS landing zone product registry screen preview of the dashboard to manage users showing different users with different access options](images/user-management/registry_roles.png)
![AWS landing zone product registry screen preview of the dashboard to manage users showing different users with different access options](../images/user-management/registry_roles.png)
### Prerequisites

- Users must have a valid IDIR to be added to these roles.
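Review bot: there is no blank line between the image line and `### Prerequisites`, in both the old and the new version. CommonMark lets an ATX heading interrupt a paragraph so it renders, but the other pages in this commit separate images from the next heading with a blank line; add one while the line is being touched.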
Expand Down Expand Up @@ -73,7 +73,7 @@ Assigning users to these roles grants them specific permissions to AWS accounts

## Accessing the Public Cloud AWS Landing Zone
- Once a user is added to a role, they can access the product (AWS accounts) from the [Public Cloud Landing Zone.](https://login.nimbus.cloud.gov.bc.ca/) If users have multiple roles, they can choose any of those roles when logging in to the account.
![AWS landing zone screen preview of the dashboard showing access to choose different types to login based on user credentials](images/user-management/landing_zone.png)
![AWS landing zone screen preview of the dashboard showing access to choose different types to login based on user credentials](../images/user-management/landing_zone.png)

## AWS managed policies overview
- AWS managed policies are predefined policies that provide permissions for many common use cases. These policies are maintained by AWS and provide a set of permissions that align with common job functions in the AWS environment. By using AWS managed policies, you can ensure that the permissions are set up correctly and updated by AWS as necessary.
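Review bot: the image line immediately follows the bullet "- Once a user is added to a role ..." with no blank line, so Markdown treats it as a lazy continuation of that list item and the image renders inside the bullet. If that is intended, fine; otherwise insert a blank line before the image so it stands as its own block, as in the earlier hunk of this file.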
8 changes: 4 additions & 4 deletions docs/get-started/bc-govs-aws-landing-zone-overview.md
Expand Up @@ -164,7 +164,7 @@ This logging architecture ensures that ministry teams can effectively monitor, a

The IAM User Management and Key Rotation solution, an integral part of the B.C. Government AWS Landing Zone, offers a secure and automated method for managing IAM users and their access keys. This solution is needed for scenarios where access to AWS services is required from outside the AWS environment, such as from on-premises systems.

For detailed user documentation, see the [IAM User Management Service](design-build-and-deploy-an-application/iam-user-service.md) page.
For detailed user documentation, see the [IAM User Management Service](../design-build-and-deploy-an-application/iam-user-service.md) page.

#### Summary of Features

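Review bot: this file is in `docs/get-started/`, so `../design-build-and-deploy-an-application/iam-user-service.md` is the correct relative path. Style point on the unchanged context: `#### Summary of Features` is in title case while the other headings in this commit ("Next steps", "Related pages", "IAM username constraints") use sentence case.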
Expand Down Expand Up @@ -223,11 +223,11 @@ By recognizing and respecting the role of these ASEA-managed resources, ministry

## Next steps

- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)

## Related pages

- [Public cloud services](https://digital.gov.bc.ca/cloud/services/public)
- [Public cloud hosting 101](https://digital.gov.bc.ca/cloud/services/public/intro/)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [IAM User Management Service](design-build-and-deploy-an-application/iam-user-service.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [IAM User Management Service](../design-build-and-deploy-an-application/iam-user-service.md)
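Review bot: as in the requirements page, "Deploy an application to the B.C. Government AWS Landing Zone" is listed under both "Next steps" and "Related pages" with the same target; one occurrence is enough. The two `../design-build-and-deploy-an-application/` links are correct from `docs/get-started/`.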