diff --git a/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md b/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md index 51a02a0..306593d 100644 --- a/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md +++ b/docs/aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md @@ -103,7 +103,7 @@ The AWS Secure Environment Accelerator (ASEA) product provides a security framew The ASEA security framework ensures that you can develop and deploy applications in a secure, compliant, and controlled AWS environment, enabling them to focus on delivering innovative and effective digital services. -For more information, see [AWS Security & Compliance Guardrails](../design-build-and-deploy-an-application/security-guardrails.md). +For more information, see [AWS Security & Compliance Guardrails](./security-guardrails.md). ### Networking diff --git a/docs/aws/design-build-and-deploy-an-application/security-guardrails.md b/docs/aws/get-started-with-aws/security-guardrails.md similarity index 84% rename from docs/aws/design-build-and-deploy-an-application/security-guardrails.md rename to docs/aws/get-started-with-aws/security-guardrails.md index 0c1a0aa..1e319da 100644 --- a/docs/aws/design-build-and-deploy-an-application/security-guardrails.md +++ b/docs/aws/get-started-with-aws/security-guardrails.md 
@@ -46,29 +46,29 @@ This means: ## Security and compliance 1. Encryption: - - Encryption is mandatory for services like EBS volumes, RDS instances, and EFS file systems - - You can't disable encryption on resources that require it + * Encryption is mandatory for services like EBS volumes, RDS instances, and EFS file systems + * You can't disable encryption on resources that require it This means: - - When creating new S3 buckets, EBS volumes, or RDS instances, you must ensure they are encrypted. The system will enforce this, but be aware that you can't create unencrypted storage resources + * When creating new S3 buckets, EBS volumes, or RDS instances, you must ensure they are encrypted. The system will enforce this, but be aware that you can't create unencrypted storage resources 2. Security services: - - You have limited ability to modify settings for services like GuardDuty, Security Hub, and Macie. + * You have limited ability to modify settings for services like GuardDuty, Security Hub, and Macie. 3. Logging and monitoring: - - You can't modify or delete CloudWatch logs, alarms, and dashboards related to our managed infrastructure - - You can create your own CloudWatch alarms and dashboards, but you can't modify ones that are part of the protected infrastructure + * You can't modify or delete CloudWatch logs, alarms, and dashboards related to our managed infrastructure + * You can create your own CloudWatch alarms and dashboards, but you can't modify ones that are part of the protected infrastructure ## Account management -- You can't perform high-level account actions such as leaving the AWS organization or closing the account -- Creation of new IAM users and groups is restricted. A limited custom service is deployed in your accounts to create IAM users. 
See [IAM User Service](./iam-user-service.md) for more information +* You can't perform high-level account actions such as leaving the AWS organization or closing the account +* Creation of new IAM users and groups is restricted. A limited custom service is deployed in your accounts to create IAM users. See [IAM User Service](../design-build-and-deploy-an-application/iam-user-service.md) for more information Implications: -- You can't create new IAM users or groups. If you need to onboard new team members or create new roles, you can do that using the [Product Registry](https://registry.developer.gov.bc.ca). See [BC Gov's Product Registry - User management documentation](./user-management.md) for more information -- Be cautious when attaching policies that grant broad permissions. Use the least privilege principle when assigning permissions +* You can't create new IAM users or groups. If you need to onboard new team members or create new roles, you can do that using the [Product Registry](https://registry.developer.gov.bc.ca). See [BC Gov's Product Registry - User management documentation](../design-build-and-deploy-an-application/user-management.md) for more information +* Be cautious when attaching policies that grant broad permissions. Use the least privilege principle when assigning permissions ## Service restrictions @@ -90,4 +90,4 @@ To provide a centralized view of costs across all accounts and projects, the Pub By following these guidelines, you help maintain the security and compliance of our AWS environment. If these limitations significantly impact your work, contact the Public Cloud team for guidance, workarounds, or to request exceptions for critical business needs. -If you have any questions or need assistance, please contact the Public Cloud team at cloud.pathfinder@gov.bc.ca. +If you have any questions or need assistance, please contact the Public Cloud team at . diff --git a/mkdocs.yml b/mkdocs.yml index a5b3b4f..f940381 100644 --- a/mkdocs.yml 
+++ b/mkdocs.yml @@ -13,6 +13,7 @@ nav: - Get started with AWS: - Overview: aws/index.md - AWS Landing Zone overview: aws/get-started-with-aws/bc-govs-aws-landing-zone-overview.md + - AWS Security and compliance guardrails: aws/get-started-with-aws/security-guardrails.md - Design, build, and deploy: - Requirements: aws/design-build-and-deploy-an-application/requirements-for-building-your-application.md - User Management: aws/design-build-and-deploy-an-application/user-management.md @@ -44,9 +45,9 @@ nav: - Azure Cost Management: azure/understanding-your-bill/azure-billing-and-cost-management.md - Upcoming features: - Domain Join: azure/upcoming-features/domain-join.md - - Express route: azure/upcoming-features/express-route.md + - Express route: azure/upcoming-features/express-route.md - Enterprise support: - Azure Enterprise Support: azure/support/enterprise-support.md plugins: - techdocs-core - - git-revision-date-localized + - git-revision-date-localized
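Review bot: In bc-govs-aws-landing-zone-overview.md (hunk at -103,7), the link changed to `./security-guardrails.md` is the only inbound reference this diff updates for the renamed page. Search the docs tree for any other links to `design-build-and-deploy-an-application/security-guardrails.md` before merging, since any that remain will break after the move. Running `mkdocs build --strict` in CI would surface them.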
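Review bot: In security-guardrails.md (hunk at -46,29), the Encryption item is internally inconsistent. The mandatory list names "EBS volumes, RDS instances, and EFS file systems", while the "This means" bullet names "S3 buckets, EBS volumes, or RDS instances". These lines are being touched anyway, so align the two lists so that readers can tell whether S3 and EFS are both covered by the enforced control. Separately, the `-` to `*` marker change is cosmetic and contributes to the rename showing only 84% similarity. Consider moving it to its own commit so that the move reviews as a plain rename plus the two relative-link fixes.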
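Review bot: In security-guardrails.md (hunk at -90,4), the added last line reads "please contact the Public Cloud team at ." with no address, where the removed line had cloud.pathfinder@gov.bc.ca. If the address was dropped on purpose, rewrite the sentence to point at the current support channel. If it was meant to become a link, confirm that it survives rendering, because as shown the page's only contact route is missing.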
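Review bot: In mkdocs.yml (hunk at -13,6), the new nav label "AWS Security and compliance guardrails" does not match the link text "AWS Security & Compliance Guardrails" used in the landing zone overview. Pick one form so that search and breadcrumbs agree. Also, no hunk in this diff removes a nav entry for the old path `aws/design-build-and-deploy-an-application/security-guardrails.md`. If one exists under "Design, build, and deploy", it now points at a file that no longer exists and should be removed in the same change.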
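Review bot: In mkdocs.yml (hunk at -44,9), the `- Express route: azure/upcoming-features/express-route.md` and `- git-revision-date-localized` lines are removed and re-added with identical visible text, so these look like whitespace-only changes unrelated to the guardrails move. Indentation is significant in the YAML nav, so confirm that "Express route" is still nested under "Upcoming features" after the change. If these are editor artifacts (trailing whitespace or a final-newline fix), drop them from this PR or mention them in the commit message.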