Merge pull request #43 from bcgov/dev
Push to production
MaxWardle authored Sep 11, 2024
2 parents a5c5dc3 + b180974 commit b3ec407
Showing 11 changed files with 48 additions and 41 deletions.
@@ -19,7 +19,7 @@ This guide explains how to:

To follow this guide, you need:

- Access to a ASEA project set with dev, test, prod, and tools accounts. See how to [provision a project set](provision-a-project-set.md).
- Access to a ASEA project set with dev, test, prod, and tools accounts. See how to [provision a project set](get-started/provision-a-project-set.md).
- The ability to create AWS resources like S3 buckets, DynamoDB tables, etc.
- A GitHub account with permissions to create repositories and workflows
- Basic knowledge of [Terraform](https://www.terraform.io/), [GitHub Actions](https://docs.github.com/en/actions), and the [AWS CLI](https://aws.amazon.com/cli/)
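Review bot: the link on line 21 is written as a root-relative path (`get-started/provision-a-project-set.md`), but MkDocs resolves Markdown links relative to the current file; if this page now lives under a subdirectory, as mkdocs.yml in this commit does for every page except index.md, the link will be looked up as `<this-dir>/get-started/provision-a-project-set.md` and break. Use `../get-started/provision-a-project-set.md` (or keep the old sibling form where the target is in the same folder). While the line is being touched, "a ASEA" should read "an ASEA".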
File renamed without changes.
Expand Up @@ -65,7 +65,7 @@ Workload VPCs are strategically structured for Development (Dev), Testing (Test)

- **Configuration details (CIDR Blocks)**
- **CIDR Blocks**
- Each Workload VPC has a /16 CIDR block. Because all accounts in a specific OU share the same VPC that means that all teams in the ASEA share the same IP pools in the specific environments. For example if we have 20 [project sets](deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) in the ASEA that's 20 Dev accounts all existing in the same Dev VPC and sharing the same /16 CIDR block.
- Each Workload VPC has a /16 CIDR block. Because all accounts in a specific OU share the same VPC that means that all teams in the ASEA share the same IP pools in the specific environments. For example if we have 20 [project sets](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) in the ASEA that's 20 Dev accounts all existing in the same Dev VPC and sharing the same /16 CIDR block.

- **In the BC Gov ASEA:**
- Dev VPC: /16
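Review bot: line 33 is rewritten only to repoint the link, but the sentence it carries is still ungrammatical ("Because all accounts in a specific OU share the same VPC that means that all teams..."). Since the line is in the diff anyway, tighten it to "Because all accounts in a given OU share the same VPC, all teams in the ASEA share the same IP pools in each environment." The same relative-path concern applies here: `design-build-and-deploy-an-application/...` from a file that mkdocs.yml places in that directory resolves to a doubled path.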
@@ -148,7 +148,7 @@ Generally, in the ASEA we recommend one of two methods of exposing services to t
Making strategic choices between AWS API Gateway and ALBs is essential for optimizing cloud architecture. API Gateway is the preferred option for internet exposure, catering to modern applications using RESTful APIs and serverless computing. ALBs are should only be used for supporting legacy applications, and require integration support from the Public Cloud team.

**Create an API in API Gateway**
For general instructions on how to cerate an API gateway and safely expose it to the internet please see this [AWS documentation on HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html). For ASEA specific examples deployed using Terraform via GitHub Actions please see our [serverless, or container based sample applications](./deploy-an-app-to-the-aws-landing-zone.md#sample-applications). Creating resources via Terraform/ automation is always preferred.
For general instructions on how to cerate an API gateway and safely expose it to the internet please see this [AWS documentation on HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html). For ASEA specific examples deployed using Terraform via GitHub Actions please see our [serverless, or container based sample applications](./design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#sample-applications). Creating resources via Terraform/ automation is always preferred.

**Benefits of using API Gateway and VPC Link**
- **Security and isolation** API Gateway and VPC Link provide a secure and isolated connection between your internet-facing API and backend services within a VPC. AWS WAF can also be used alongside your API gateway.
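Review bot: line 42 carries "cerate" (should be "create") and "Terraform/ automation" (should be "Terraform/automation") into the new version of the line; fix both while it is being edited. The unchanged context on line 38 also reads "ALBs are should only be used", which should be "ALBs should only be used".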
@@ -6,11 +6,11 @@ The following sections describe the requirements for building your application o

## Prerequisites

1. Create a [provisioning request for a project set](provision-a-project-set.md) for your team on the B.C. Government Public Cloud
1. Create a [provisioning request for a project set](get-started/provision-a-project-set.md) for your team on the B.C. Government Public Cloud

2. Once approved, your project set will be provisioned followed up by an email sent to the Product Owner and Technical Lead once the provisioning is complete

3. Request access for the reset of the team by submitting a request to <[email protected]>. Refer to the guidelines on what details to include in your request for [account access](provision-a-project-set.md#account-access)
3. Request access for the reset of the team by submitting a request to <[email protected]>. Refer to the guidelines on what details to include in your request for [account access](get-started/provision-a-project-set.md#account-access)

## Limitations of the AWS Landing Zone

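Review bot: line 58 keeps the typo "reset of the team"; it should be "rest of the team". Since both line 53 and line 58 are already being rewritten for the link change, fix the wording in the same commit rather than leaving a known typo in a freshly touched line.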
@@ -26,12 +26,12 @@ Take the following into consideration when building your application on the AWS

* Most networking is under the management of AWS Landing Zone and is not subject to change. Security groups are the exception to this rule

* IAM Users and their access keys can only be generated by the [IAM User management service](iam-user-service.md), which is created and managed by the Public Cloud team
* IAM Users and their access keys can only be generated by the [IAM User management service](design-build-and-deploy-an-application/iam-user-service.md), which is created and managed by the Public Cloud team


## Other requirements and best practices

To use GitHub Actions for deploying your application, [OpenID Connect (OIDC) authentication](deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws) is required.
To use GitHub Actions for deploying your application, [OpenID Connect (OIDC) authentication](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws) is required.

To deploy your application:

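Review bot: lines 67 and 73 replace sibling links (`iam-user-service.md`, `deploy-an-app-to-the-aws-landing-zone.md#...`) with `design-build-and-deploy-an-application/...`. This page appears to be requirements-for-building-your-application.md, which mkdocs.yml in this commit places under design-build-and-deploy-an-application/, so the old sibling form was already correct and the new form resolves to `design-build-and-deploy-an-application/design-build-and-deploy-an-application/...`. Revert these two to the sibling form.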
@@ -108,11 +108,11 @@ This combined approach of Terraform AWS CLI and VSCode streamlines the deploymen

## Next steps

- [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)

## Related pages

- [Provision a project set](provision-a-project-set.md)
- [Account access](provision-a-project-set.md#account-access)
- [Configuring GitHub Action OIDC Authentication to AWS](deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws)
- [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
- [Provision a project set](get-started/provision-a-project-set.md)
- [Account access](get-started/provision-a-project-set.md#account-access)
- [Configuring GitHub Action OIDC Authentication to AWS](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#configuring-github-action-oidc-authentication-to-aws)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
File renamed without changes.
@@ -164,7 +164,7 @@ This logging architecture ensures that ministry teams can effectively monitor, a

The IAM User Management and Key Rotation solution, an integral part of the B.C. Government AWS Landing Zone, offers a secure and automated method for managing IAM users and their access keys. This solution is needed for scenarios where access to AWS services is required from outside the AWS environment, such as from on-premises systems.

For detailed user documentation, see the [IAM User Management Service](iam-user-service.md) page.
For detailed user documentation, see the [IAM User Management Service](design-build-and-deploy-an-application/iam-user-service.md) page.

#### Summary of Features

@@ -223,11 +223,11 @@ By recognizing and respecting the role of these ASEA-managed resources, ministry

## Next steps

- [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)

## Related pages

- [Public cloud services](https://digital.gov.bc.ca/cloud/services/public)
- [Public cloud hosting 101](https://digital.gov.bc.ca/cloud/services/public/intro/)
- [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
- [IAM User Management Service](iam-user-service.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
- [IAM User Management Service](design-build-and-deploy-an-application/iam-user-service.md)
@@ -1,7 +1,7 @@
# Provision a new AWS project set
Last updated: **November 21, 2023**

On the Public Cloud platform, different teams organize their work on isolated [project sets](deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set). Before working on the platform, the [Product Owner](bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) of the respective team must submit a project set provisioning request for your team on the B.C. Government Public Cloud.
On the Public Cloud platform, different teams organize their work on isolated [project sets](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set). Before working on the platform, the [Product Owner](get-started/bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) of the respective team must submit a project set provisioning request for your team on the B.C. Government Public Cloud.

---

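Review bot: line 126 links to `get-started/bc-govs-aws-landing-zone-overview.md` from a page ("Provision a new AWS project set") that mkdocs.yml in this commit places under get-started/, so the link resolves to `get-started/get-started/...`. The previous sibling form `bc-govs-aws-landing-zone-overview.md` was correct for a file in the same folder; the cross-folder link on the same line should be `../design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set`.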
@@ -47,12 +47,12 @@ To do that you must meet the prerequisites for provisioning a project set outlin

![ministry-provider](images/provision-a-project-set/ministry-provider.png)

6. Enter the [Product Owner](bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) and [Technical Lead(s)](bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) **details** per each required field.
6. Enter the [Product Owner](get-started/bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) and [Technical Lead(s)](get-started/bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) **details** per each required field.

<!-- TODO: move some of this to a separate "RBAC", or "Login Application" document and link to it here -->

- The Product Owner and Technical Lead(s) will be granted access to the 4 AWS accounts in the [Project Set](deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) via the Admin role
- The Admin role is attached to the AWS managed policy [AdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html) which provides unrestricted access into AWS accounts. However, because we are operating under the ASEA's [guardrails](bc-govs-aws-landing-zone-overview.md#security-guardrails) the Admin role is restricted within those bounds in all accounts in the ASEA. As long as the user with an Admin role is not breaching the guardrails, they will be unrestricted within the account.
- The Product Owner and Technical Lead(s) will be granted access to the 4 AWS accounts in the [Project Set](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#aws-accounts-in-your-project-set) via the Admin role
- The Admin role is attached to the AWS managed policy [AdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html) which provides unrestricted access into AWS accounts. However, because we are operating under the ASEA's [guardrails](get-started/bc-govs-aws-landing-zone-overview.md#security-guardrails) the Admin role is restricted within those bounds in all accounts in the ASEA. As long as the user with an Admin role is not breaching the guardrails, they will be unrestricted within the account.

![po-tech-lead](images/provision-a-project-set/po-tech-leads.png)

@@ -76,7 +76,7 @@ To do that you must meet the prerequisites for provisioning a project set outlin

## Account access
<!-- TODO: move some of this to a separate "RBAC", or "Login Application" document and link to it here -->
Once the AWS accounts have been provisioned, the [Product Owner](bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) and [Technical Lead(s)](bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) will be able to see them all in the [Login Application](https://login.nimbus.cloud.gov.bc.ca/) and they will have Admin access into the accounts.
Once the AWS accounts have been provisioned, the [Product Owner](get-started/bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) and [Technical Lead(s)](get-started/bc-govs-aws-landing-zone-overview.md#key-features-of-the-product-registry-service) will be able to see them all in the [Login Application](https://login.nimbus.cloud.gov.bc.ca/) and they will have Admin access into the accounts.

For other team members access, please have the Product Owner email: [email protected] with the following information:

Expand All @@ -90,5 +90,5 @@ For other team members access, please have the Product Owner email: cloud.pathfi
## Related pages
- [Platform Project Registry](https://registry.developer.gov.bc.ca/login)
- [OnBoarding Guide for BC Gov AWS ASEA](https://digital.gov.bc.ca/cloud/services/public/onboard/)
- [B.C. Government AWS Landing Zone overview](bc-govs-aws-landing-zone-overview.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
- [B.C. Government AWS Landing Zone overview](get-started/bc-govs-aws-landing-zone-overview.md)
- [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
25 changes: 16 additions & 9 deletions docs/index.md
@@ -4,16 +4,17 @@

Start here for the first steps on working in our AWS Secure Environment Accelerator (ASEA):

* [B.C. Government AWS Landing Zone overview](bc-govs-aws-landing-zone-overview.md)
* [Provision a project set in AWS](provision-a-project-set.md)
* [Account access](provision-a-project-set.md#account-access)
* [B.C. Government AWS Landing Zone overview](get-started/bc-govs-aws-landing-zone-overview.md)
* [Provision a project set in AWS](get-started/provision-a-project-set.md)
* [Account access](get-started/provision-a-project-set.md#account-access)

## Build, deploy and maintain apps

Best practices on the platform:

* [Requirements for building your application](requirements-for-building-your-application.md)
* [Deploy an application to the B.C. Government AWS Landing Zone](deploy-an-app-to-the-aws-landing-zone.md)
* [Requirements for building your application](design-build-and-deploy-an-application/requirements-for-building-your-application.md)
* [Deploy an application to the B.C. Government AWS Landing Zone](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md)
* [Networking](design-build-and-deploy-an-application/networking.md)

<!--
Make sure to keep the page titles with the exact name of pages throughout the documentation
@@ -24,13 +25,19 @@ E.g "Deploy an application to the B.C. Government AWS Landing Zone" cannot be c
* Retire an application (coming soon)
-->

## Training and learning
## Understand your AWS billing

Relevant technical information about the components that make up the AWS Secure Environment Accelerator (ASEA).
Use the Cost Management Dashboard to get an overview of your spend in AWS:

* [AWS billing and cost management dashboards](understanding-your-aws-bill/aws-billing-and-cost-management-dashboard-via-quicksight.md)

<!-- ## Training and learning
Relevant technical information about the components that make up the AWS Secure Environment Accelerator (ASEA). -->

<!-- ### Learn about the AWS Secure Environment Accelerator (ASEA) -->
<!-- * [Technical architecture](technical-architecture.md) -->
<!-- * [Networking](networking.md) -->
<!-- * [Networking](design-build-and-deploy-an-application/networking.md) -->

### Rocket.Chat

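Review bot: line 206 updates a link path inside an HTML comment, and lines 200-201 comment out the old "Training and learning" heading instead of removing it. Maintaining paths in dead, commented-out navigation is noise that will drift out of date again on the next restructure; either delete the commented blocks (lines 200-206) or move them to an issue, rather than keeping them current.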
@@ -47,7 +54,7 @@ Every six weeks, we host a platform community MeetUp where we talk about changes

### Reusable code and services

We have several [sample applications](deploy-an-app-to-bc-govs-aws-landing-zone.md#sample-applications) which will deploy a simple application into your AWS Accounts utilizing different architectures. Use these to learn about best practices, how a GitHub Actions pipeline interacts with an AWS account in the ASEA, and give your team a launchpad to begin development in AWS.
We have several [sample applications](design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md#sample-applications) which will deploy a simple application into your AWS Accounts utilizing different architectures. Use these to learn about best practices, how a GitHub Actions pipeline interacts with an AWS account in the ASEA, and give your team a launchpad to begin development in AWS.

### External training

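Review bot: the removed line 214 pointed at `deploy-an-app-to-bc-govs-aws-landing-zone.md`, a filename that appears nowhere in the mkdocs.yml nav in this commit, so this hunk also repairs a previously broken link to the sample applications. Worth stating in the commit message, since "Push to production" does not indicate that link targets were corrected as well as moved.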
18 changes: 9 additions & 9 deletions mkdocs.yml
@@ -5,17 +5,17 @@ edit_uri: edit/main/docs/
nav:
- Get started:
- Get started: index.md
- B.C. Government AWS Landing Zone overview: bc-govs-aws-landing-zone-overview.md
- Provision a project set in AWS: provision-a-project-set.md
- B.C. Government AWS Landing Zone overview: get-started/bc-govs-aws-landing-zone-overview.md
- Provision a project set in AWS: get-started/provision-a-project-set.md
- Design, build and deploy an application:
- Requirements for building your application: requirements-for-building-your-application.md
- User management: user-management.md
- Deploy an app to BC Gov's AWS Landing Zone: deploy-an-app-to-the-aws-landing-zone.md
- Networking: networking.md
- AWS IAM User service: iam-user-service.md
- Requirements for building your application: design-build-and-deploy-an-application/requirements-for-building-your-application.md
- User management: design-build-and-deploy-an-application/user-management.md
- Deploy an app to BC Gov's AWS Landing Zone: design-build-and-deploy-an-application/deploy-an-app-to-the-aws-landing-zone.md
- Networking: design-build-and-deploy-an-application/networking.md
- AWS IAM User service: design-build-and-deploy-an-application/iam-user-service.md
- Understand your AWS billing:
- AWS Cost Management Dashboard: aws-billing-and-cost-management-dashboard-via-quicksight.md
- AWS Cost Management Dashboard: understanding-your-aws-bill/aws-billing-and-cost-management-dashboard-via-quicksight.md
- Upcoming features:
- AWS Calgary region: calgary-region-in-aws-secure-environment-accelerator.md
- AWS Calgary region: upcoming-features/calgary-region-in-aws-secure-environment-accelerator.md
plugins:
- techdocs-core

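Review bot: this hunk moves every page except index.md into a subdirectory, which is what makes the in-page links changed elsewhere in this diff fragile (MkDocs resolves them relative to the page, not to `docs/`). Before this goes to production, run `mkdocs build --strict` so unresolved relative links fail the build rather than rendering as 404s, and consider adding that to the GitHub Actions workflow for this repository.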