Merge pull request #129 from binbashar/feature/how-it-works-cloudtrai…

…l-update

Feature | latest mkdocs + releases and version sections + cloudtrail update

Makefile

@@ -2,7 +2,7 @@
 SHELL         := /bin/bash
 MAKEFILE_PATH := ./Makefile
 MAKEFILES_DIR := ./@bin/makefiles
-MAKEFILES_VER := v0.2.2
+MAKEFILES_VER := v0.2.5
 
 help:
 	@echo 'Available Commands:'

docs/assets/stylesheets/extra.css

@@ -9,6 +9,14 @@
 	}
 }
 
+* {
+    --md-primary-fg-color: #0a192f;
+    --md-primary-fg-color--light: #029c8e;
+    --md-primary-fg-color--dark:  #303C55;
+    --md-typeset-color:   var(--md-default-fg-color);
+    --md-typeset-a-color: var(--md-primary-fg-color--light);
+}
+
 :root {
     --md-primary-fg-color: #0a192f;
     --md-primary-fg-color--light: #029c8e;

docs/how-it-works/features/security/audit-cloudtrail.md

@@ -1,32 +1,43 @@
 # Audit | CloudTrail
 
-AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
-
-
-![Cloudtrail Diagram](../../../assets/images/diagrams/aws-cloudtrail.svg)
-
-!!! note ":bookmark_tabs: [Leverage Reference Architecture | Security Audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-prd/us-east-1/security-audit)"
-
-**CloudTrail module**. Key elements:  
-
-* Destination bucket
-* KMS Key to files encrypt files
-* Include global services
-* Enable multi-regional trail
-
-
-**S3 Bucket Module**. Key elements:
-
-* Lifecycle rule
-* Expiration
-
-**KMS Key Module**. Key elements:
-
-* Deletion Window
-* Policy  
-  *Grant permission to the rest of the accounts to use the key*
-
-# Read More
-
-* :cloud: [AWS Cloudtrail Overview](https://aws.amazon.com/cloudtrail/)
-* :notebook: [Security Pillar - AWS Well-Architected Framework](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html)
+## Feature Overview 
+
+AWS CloudTrail monitors and records account activity across your AWS infrastructure, 
+giving you control over storage, analysis, and remediation actions.
+
+!!! info "AWS CloudTrail overview"
+    This service will be configured to enable auditing of all AWS services in all accounts.
+    Once enabled, as shown in the below presented figure, CloudTrail will deliver all events 
+    from all accounts to the Security account in order to have a centralized way to audit 
+    operations on AWS resources.
+    Audit events will be available from CloudTrail for 90 days but a longer retention 
+    time will be available through a centralized S3 bucket.
+
+<figure markdown>
+  ![Cloudtrail Diagram](../../../assets/images/diagrams/aws-cloudtrail.svg){ width="600" }
+    <figcaption style="font-size:15px">
+    <b>Figure:</b> AWS CloudTrail components architecture diagram (just as reference).
+    (Source: Binbash Leverage diagrams, accessed July 6th 2022).
+    </figcaption>
+</figure>
+
+!!! example "![leverage-tf](../../../assets/images/logos/terraform.png "Terraform"){: style="width:25px"} IaC Terraform Codebase <>"
+    - [x] `binbash-management` account | Audit: Cloudtrail
+        - **Code:** [management/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/management/us-east-1/security-audit)
+    - [x] `binbash-security` account | Audit: Cloudtrail & S3 Bucket
+        - **Code:** [security/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/security/us-east-1/security-audit)
+    - [x] `binbash-shared` account | Audit: Cloudtrail
+        - **Code:** [shared/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/shared/us-east-1/security-audit)
+    - [x] `binbash-apps-devstg` account | Audit: Cloudtrail
+        - **Code:** [apps-devstg/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-devstg/us-east-1/security-audit)
+    - [x] `binbash-apps-prd` account | Audit: Cloudtrail
+        - **Code:** [apps-prd/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-prd/us-east-1/security-audit)
+    - [x] `binbash-network` account | Audit: Cloudtrail
+        - **Code:** [network/us-east-1/security-audit](https://github.com/binbashar/le-tf-infra-aws/tree/master/network/us-east-1/security-audit)
+
+## Read more
+
+!!! info "AWS reference links"
+    Consider the following AWS official links as reference:
+
+    * :orange_book: [AWS Cloudtrail Overview](https://aws.amazon.com/cloudtrail/)

docs/user-guide/leverage-cli/reference/terraform.md

@@ -181,7 +181,9 @@ Can only be run at **layer** level.
 
 !!! info "zsh globbing"
     Zsh users may need to prepend `noglob` to the import command for it to be recognized correctly, as an alternative, square brackets can be escaped as `\[\]`
+
     **Examples:**
+
     - Opt-1:  `leverage tf import module.s3_bucket.aws_s3_bucket.this\[0\] s3-bag-data-bucket` 
     - Opt-2:  `noglob leverage tf import module.s3_bucket.aws_s3_bucket.this[0] s3-bag-data-bucket`  
 

docs/work-with-us/releases/releases-and-versions.md

@@ -0,0 +1,46 @@
+# Leverage Product Releases
+Dear Leveragers,
+We're constantly kicking with a lot of improvements and some exciting new features
+
+## Reference Architecture
+
+!!! done ":calendar: RELEASES"
+    - [Releases | Reference Architecture for AWS](https://github.com/binbashar/le-tf-infra-aws/releases)
+    - [Releases | Reference Architecture for HCP Vault](https://github.com/binbashar/le-tf-vault/releases)
+
+## Leverage CLI
+
+!!! done ":calendar: RELEASES"
+    - [Releases | `leverage-cli`](https://github.com/binbashar/leverage)
+
+## Infrastructure as Code Library
+
+!!! done ":calendar: RELEASES"
+    ![leverage-tf](../../../assets/images/logos/terraform.png "Terraform"){: style="width:25px"} **Releases |Terraform Leverage™ Modules** :
+
+    - [terraform-aws-waf-owasp](https://github.com/binbashar/terraform-aws-waf-owasp/releases)
+    - [terraform-aws-cost-billing-alarm](https://github.com/binbashar/terraform-aws-cost-billing-alarm/releases)
+    - [terraform-aws-vpc-flowlogs](https://github.com/binbashar/terraform-aws-vpc-flowlogs/releases)
+    - [terraform-aws-cost-budget](https://github.com/binbashar/terraform-aws-cost-budget/releases)
+    - [terraform-aws-tfstate-backend](https://github.com/binbashar/terraform-aws-tfstate-backend/releases)
+    - [terraform-aws-certbot-lambda](https://github.com/binbashar/terraform-aws-certbot-lambda/releases)
+    - [terraform-aws-ec2-basic-layout](https://github.com/binbashar/terraform-aws-ec2-basic-layout/releases)
+    - [terraform-aws-natgw-notifications](https://github.com/binbashar/terraform-aws-natgw-notifications/releases)
+    - [terraform-aws-guardduty-multiaccount](https://github.com/binbashar/terraform-aws-guardduty-multiaccount/releases)
+    - [terraform-aws-network-firewall](https://github.com/binbashar/terraform-aws-network-firewall/releases)
+    - [terraform-aws-backup-notifications](https://github.com/binbashar/terraform-aws-backup-notifications/releases)
+    - [terraform-aws-rds-export-to-s3](https://github.com/binbashar/terraform-aws-rds-export-to-s3/releases)
+
+    ![leverage-tf](../../../assets/images/logos/terraform.png "Terraform"){: style="width:25px"} **Releases | Terraform Community Forks Modules**:
+
+    - [terraform-aws-sso]([terraform-aws-sso](https://github.com/binbashar/terraform-aws-sso/tags))
+    - ...
+
+    ![leverage-helm](../../../assets/images/logos/helm.png "Terraform"){: style="width:25px"} **Releases | Helm Leverage™ Charts**:
+
+    - [helm-charts](https://github.com/binbashar/helm-charts/blob/master/index.yaml)
+
+## Documentation
+
+!!! done ":calendar: RELEASES"
+    - [Releases | Binbash Leverage™ Documentation](https://github.com/binbashar/le-ref-architecture-doc/releases)

docs/work-with-us/releases/versions-compatibility-matrix.md

@@ -0,0 +1,42 @@
+
+# Leverage Releases & Versioning
+
+Binbash Leverage™ and its components intends to be backward compatible, but due to the complex ecosystems of tools we 
+manage this is not always possible. 
+
+It is always recommended using the latest version of the [Leverage cli](https://pypi.org/project/leverage/) with the latest versions of the 
+[Reference Architecture for AWS](https://github.com/binbashar/le-tf-infra-aws/releases). In case that's 
+not possible we always recommend pinning versions to favor stability and doing controlled updates 
+component by component based on the below presented compatibility matrix table.
+
+## Compatibility Matrix
+
+| Leverage Ref Arch :construction_site: :cloud: version | Leverage Cli | Terraform | Terraform AWS provider | K8s EKS   |
+|-------------------------------------------------------|--------------|-----------|------------------------|-----------|
+| v1.8.1                                                | v1.7.2       | >= 1.1.9  | 3.27.x, 4.x.y          | 1.20-1.22 |
+| v1.7.2                                                | v1.6.2       | >= 1.1.3  | 3.27.x, 4.x.y          | 1.17-1.19 |
+| ~~v1.3.73~~                                           | v1.2.0       | 1.0.x     | 3.27.x                 | 1.17      |
+| ~~v1.3.25~~                                           | v1.0.10      | 0.14.x    | 3.27.x                 | 1.17      |
+
+Releases which are ~~crossed out~~ _should_ work, but are unlikely to get security or other fixes.
+We suggest they should be upgraded soon.
+
+## Release Schedule
+
+This project does not follow the **Terraform** or other release schedule. Leverage aims to
+provide a reliable deployment and operations experience for the [Binbash Leverage™ Reference Architecture
+for AWS](https://leverage.binbash.com.ar/how-it-works/ref-architecture/), and typically releases about a quarter after 
+the corresponding Terraform release. This time allows for the Terraform project to resolve any issues introduced 
+by the new version and ensures that we can support the latest features.
+
+## Read more
+
+!!! info "Reference links"
+    Consider the following extra links as reference:
+
+    - :blue_book: [Hashicorp Terraform releases](https://github.com/hashicorp/terraform/releases)
+    - :orange_book: [Amazon EKS Kubernetes release calendar](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar)
+    - :orange_book: [Amazon EKS Kubernetes versions - Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html)
+
+
+

material/overrides/home-es.html

@@ -287,7 +287,7 @@ <h1 id="tech-stack">Nuestro stack de tecnologías</h1>
                 </p><br>
 
                 <a
-                        href="https://leverage.binbash.com.ar/how-it-works/general-concepts/why-tech-stack/"
+                        href="https://leverage.binbash.com.ar/how-it-works/ref-architecture/general-concepts/why-tech-stack/"
                         title="{{ page.next_page.title | e }}"
                         class="md-button md-button"
                 >

material/overrides/home.html

@@ -287,7 +287,7 @@ <h1 id="tech-stack">Our tech stack</h1>
                 </p><br>
 
                 <a
-                        href="https://leverage.binbash.com.ar/how-it-works/general-concepts/why-tech-stack/"
+                        href="https://leverage.binbash.com.ar/how-it-works/ref-architecture/general-concepts/why-tech-stack/"
                         title="{{ page.next_page.title | e }}"
                         class="md-button md-button"
                 >

material/overrides/main-styles.html

@@ -54,6 +54,7 @@
     }
 
     .tx-container {
+        --md-primary-fg-color: #0a192f;
         height: fit-content;
         padding-top: 0rem;
         background: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 1123 258'><path d='M1124,2c0,0 0,256 0,256l-1125,0l0,-48c0,0 16,5 55,5c116,0 197,-92 325,-92c121,0 114,46 254,46c140,0 214,-167 572,-166Z' style='fill: white' /></svg>") no-repeat bottom, linear-gradient(to bottom, var(--md-primary-fg-color), #2a978d 99%, #fff 99%)
@@ -164,6 +165,7 @@
     }
 
     .tx-container-3 {
+        --md-primary-fg-color: #0a192f;
         height: auto;
         background: linear-gradient(to bottom, var(--md-primary-fg-color), #02162f 100%, #fff 99%);
     }

mkdocs.yml

@@ -110,6 +110,11 @@ markdown_extensions:
   - meta
   - md_in_html
   - codehilite
+  - pymdownx.critic
+  - pymdownx.caret
+  - pymdownx.keys
+  - pymdownx.mark
+  - pymdownx.tilde
   - pymdownx.tabbed
   - pymdownx.details
   - pymdownx.inlinehilite
@@ -302,8 +307,9 @@ nav:
       - Overview: "work-with-us/index.md"
       - Support:
           - Support: "work-with-us/support.md"
-          - Updates:
-              - December 2021: "work-with-us/updates/product-updates-12-2021.md"
+      - Releases:
+          - Releases and Versions: "work-with-us/releases/releases-and-versions.md"
+          - Versions compatibility matrix: "work-with-us/releases/versions-compatibility-matrix.md"
       - Leverage vs Competition: "work-with-us/leverage-vs-competition.md"
       #- Subscription Plans: "work-with-us/subscription-plans.md"
       - Contribute: "work-with-us/contribute.md"