Merge remote-tracking branch 'origin/main' into add-guide-identify-fi…

…x-invalid-controls-221

docs/getting-started/getting-started-aws/connect-an-account/index.md

@@ -5,7 +5,7 @@ sidebar_label: Connect an AWS Account
 
 # Connect an AWS Account to Guardrails
 
-In this guide, you will deploy the Guardrails IAM access role to your AWS account using a CloudFormation template and then connect that account to Guardrails. 
+In this guide, you will deploy the Guardrails IAM access role to your AWS account using a CloudFormation template and then connect that account to Guardrails.
 
 This is the second guide in the *Getting started with AWS* series.
 
@@ -40,21 +40,25 @@ Wait for the progress bar to complete. The time this takes will depend on how ma
 
 ## Step 5: View Controls by state
 
-Select **Reports** from the top navigation menu. Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list. 
+Select **Reports** from the top navigation menu. Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list.
 
 <p><img alt="search-for-controls-reports" src="/images/docs/guardrails/getting-started/getting-started-aws/connect-an-account/search-for-controls-reports.png"/></p>
 
 ## Step 6: Configure report filters
 
 From the filter bar, expand the **Type** dropdown. Then select the checkbox next to **AWS** to limit the report to only show AWS controls.
- 
-Bookmark the **Controls by State** report, you’ll need it in subsequent guides. 
+
+Bookmark the **Controls by State** report, you’ll need it in subsequent guides.
 
 <p><img alt="set-type-filter" src="/images/docs/guardrails/getting-started/getting-started-aws/connect-an-account/set-type-filter.png"/></p>
 
 ## Step 7: View the report
 
-Review the status of your controls for AWS.  `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your account. If you see controls in `Error` or `Invalid` states, those must be cleared before moving further into these guides.  
+Review the status of your controls for AWS.  `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your account.
+
+> [!IMPORTANT]
+> The controls in `Error` or `Invalid` states must be cleared before moving further into these guides.
+> It takes few mins depending on various factors. We suggest to wait and report to [Turbot support]([email protected]), in case these errors are not cleared up automatically.
 
 <p><img alt="aws-controls-by-state" src="/images/docs/guardrails/getting-started/getting-started-aws/connect-an-account/aws-controls-by-state.png"/></p>
 

docs/getting-started/getting-started-aws/prepare-account/index.md

@@ -20,15 +20,15 @@ This is the first guide in the *Getting started with AWS* series.
 
 ## Step 1: Login to Guardrails
 
-Login to your Guardrails console and select the **CONNECT** option from the home page. 
+Login to your Guardrails console and select the **CONNECT** option from the home page.
 
 <p><img alt="locate-top-level-connect" src=" /images/docs/guardrails/getting-started/getting-started-aws/prepare-account/locate-top-level-connect.png"/></p>
 
 ## Step 2: Download the CloudFormation template
 
 Guardrails needs an IAM role that grants permission to discover [resources](/guardrails/docs/reference/glossary#resource) in your account and to monitor changes via event handlers. The CloudFormation template downloaded in this step has the minimum permissions necessary to create that role.
 
-Select **AWS Account** from the left navigation and then click the blue **Download CloudFormation Template** button to download the CloudFormation template you will use to create the required IAM role in your AWS account. 
+Select **AWS Account** from the left navigation and then click the blue **Download CloudFormation Template** button to download the CloudFormation template you will use to create the required IAM role in your AWS account.
 
 <p><img alt="initial-connect-screen" src=" /images/docs/guardrails/getting-started/getting-started-aws/prepare-account/initial-connect-screen.png"/></p>
 
@@ -83,7 +83,6 @@ Select the **Outputs** tab and copy the ARN of the Guardrails IAM role.
 
 In this guide you've learned how to deploy an AWS role that grants minimal permissions to Guardrails using the AWS CloudFormation service.
 
-
 ## Next Steps
 
 In the [next guide](/guardrails/docs/getting-started/getting-started-aws/connect-an-account) you will use the IAM role you just created to import an AWS account into Guardrails.

docs/getting-started/getting-started-azure/apply-quick-action/index.md

@@ -0,0 +1,118 @@
+---
+title: Apply a Quick Action
+sidebar_label: Apply a Quick Action
+---
+
+# Apply a Quick Action
+
+In this guide we’ll show how you can enable Guardrails to perform [Quick Actions](/guardrails/docs/guides/quick-actions) that fix misconfigurations. A Quick Action empowers an administrator to quickly fix misconfigurations by applying a change directly to an underlying Azure resource. In order to use this feature, the role used by Guardrails will need additional permissions to perform those actions. This guide will instruct you how to change the permissions specific to storage accounts, other types of quick actions will require different permission grants.
+
+This is the ninth guide in the *Getting started with Azure series*.
+
+## Prerequisites
+
+- Completion of the previous guides in this series.
+- Access to the Guardrails console with administrative privileges.
+- Access to the Azure portal with administrative privileges to add permissions to the Guardrails role.
+
+## Step 1: Locate the resource group
+
+In the Azure portal, navigate to **Resource Groups** and select the storage accounts you’re using in this series.
+
+<p><img alt="permissions 1" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-1.png"/></p>
+
+## Step 2: Open Access Control (IAM)
+
+<p><img alt="permissions 2" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-2.png"/></p>
+
+## Step 3: Begin role assignment
+
+Expand the **Add** dropdown and choose **Add role assignment**.
+
+<p><img alt="permissions 3" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-3.png"/></p>
+
+## Step 4: Search for the role
+
+Seach for `storage account contributor`, select it, and select **Next**.
+
+<p><img alt="permissions 4" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-4.png"/></p>
+
+## Step 5: Search for registered app
+
+Select **Select members**, search for the name of your registered app, and **Select** it.
+
+<p><img alt="permissions 5" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-5.png"/></p>
+
+## Step 6: Review and assign
+
+<p><img alt="permissions 6" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/permissions-6.png"/></p>
+
+## Step 7: Find Quick Actions
+
+Select **Policies** from the top-level navigation. In the search box, type `quick actions`, then select the **Turbot > Quick Actions > Enabled** policy type.
+
+<p><img alt="find_quick_actions_policies" src="/images/docs/guardrails/getting-started/getting-started-aws/apply-quick-action/find-quick-actions-policies.png"/></p>
+
+Select the green **New Policy Setting** button.
+
+<p><img alt="view-quick-actions-enabled-policy-type" src="/images/docs/guardrails/getting-started/getting-started-aws/apply-quick-action/view-quick-actions-enabled-policy-type.png"/></p>
+
+## Step 8: Enable Quick Actions
+
+Choose **Sandbox** as the **Resource**, and then select **Enabled**, and select the green **Create** button.
+
+<p><img alt="aws-enable-quick-actions" src="/images/docs/guardrails/getting-started/getting-started-aws/apply-quick-action/aws-enable-quick-actions.png"/></p>
+
+## Step 9: Find a storage account in Alarm
+
+Use your bookmark to navigate back to the **Controls by State** report and filter on **Azure > Storage > Storage Account > Minimum TLS Version**.
+
+<p><img alt="find_storage_account_in_alarm_for_quick_action" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/find-storage-account-in-alarm-for-versioning.png"/></p>
+
+## Step 10: Select a storage account in Alarm
+
+Select a storage account in `Alarm` state from the list of storage accounts.
+
+<p><img alt="select_storage account_in_alarm_for_quick_action" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/select-storage-account-in-alarm-for-versioning.png"/></p>
+
+## Step 11: Use a Quick Action
+
+Select the **Actions** dropdown, and choose *Set Minimum TLS Version*.
+
+<p><img alt="expand-quick-actions-dropdown" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/expand-quick-actions-dropdown.png"/></p>
+
+## Step 12: Observe the change
+
+Guardrails reports that the action was successful, and the control goes to the `OK` state.
+
+<p><img alt="observe-updated-control" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/observe-updated-control.png"/></p>
+
+![alt text](image.png)
+
+## Step 13: Check if it worked
+
+Open a tab to the Azure portal and navigate to the storage account.  Confirm the Guardrails `Quick Action` has correctly set the minimum TLS version.
+
+<p><img alt="observe-azure-console-result" src="/images/docs/guardrails/getting-started/getting-started-azure/apply-quick-action/raw-observe-azure-console-result.png"/></p>
+
+## Step 14: Review
+
+In this guide you enabled Guardrails Quick Actions and used a Quick Action to change a storage account's policy for minimum TLS version.
+
+## Next Steps
+
+In the [next guide](/guardrails/docs/getting-started/getting-started-azure/enable-enforcement) we’ll set Guardrails to automatically enforce these actions continuously.
+
+
+## Progress tracker
+
+- [x] Prepare an Azure Subscription for Import to Guardrails
+- [x] Connect an Azure Subscription to Guardrails
+- [x] Observe Azure Resource Activity
+- [x] Enable Your First Guardrails Policy Pack
+- [x] Review Subscription-Wide Governance
+- [x] Create a Static Exception to a Guardrails Azure Policy
+- [x] Create a Calculated Exception to a Guardrails Azure Policy
+- [x] Send an Alert to Email
+- [x] **Apply a Quick Action**
+- [ ] Enable Automatic Enforcement

docs/getting-started/getting-started-azure/connect-subscription/index.md

@@ -0,0 +1,99 @@
+---
+title: Connect an Azure Subscription to Guardrails
+sidebar_label: Connect an Azure Subscription
+---
+
+# Connect an Azure Subscription to Guardrails
+
+In this guide you will connect a subscription to Guardrails.
+
+This is the second guide in the *Getting started with Azure* series.
+
+## Prerequisites
+
+- Completed the previous guide: **Prepare an Azure Subscription for Import to Guardrails**.
+
+- Access to the Turbot Guardrails console with admin privilege.
+
+## Step 1: Login to Guardrails
+
+Login to your Guardrails console and select the **CONNECT** option from the home page.
+
+<p><img alt="login" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/login.png"/></p>
+
+## Step 2: Select Azure Subscription
+
+<p><img alt="connect-1" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/connect-1.png"/></p>
+
+## Step 3: Select location
+
+Use the **Parent Resource** dropdown to select the **Sandbox** folder as the location to import the subscription.
+
+<p><img alt="connect-2" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/connect-2.png"/></p>
+
+## Step 4: Enter details
+
+If you forgot to save all these details when completing the first guide, you can find them in the Azure portal as follows:
+
+| Parameter          | Location                                                                                                  |
+|--------------------|----------------------------------------------------------------------------------------------------------|
+| **Subscription ID** | The **Home > Subscriptions** page has your *Subscription ID*.                                            |
+| **Tenant ID and Client ID** | The **Home > App registrations** page has *Directory (tenant) ID* and *Application (client) ID*. |
+| **Client Key**     | If you forgot to save the secret's value created earlier, go to **Home > App registrations > YOUR_APP_NAME > Certificates & secrets** to create a new one. Use the *Value* (not the *Secret ID*). |
+
+Select your environment (likely *Global Cloud*).
+
+Select **Connect**.
+
+<p><img alt="connect-3" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/connect-3.png"/></p>
+
+## Step 5: Observe progress
+
+Wait for the progress bar to complete. The time this takes will depend on how many resources are in the account; it is normal for the progress bar to fluctuate in size as new types of resources are discovered.
+
+<p><img alt="progress" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/progress-bar.png"/></p>
+
+## Step 6: View Controls by State
+
+Select **Reports** from the top navigation menu. Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list.
+
+<p><img alt="search-for-controls-reports" src="/images/docs/guardrails/getting-started/getting-started-aws/connect-an-account/search-for-controls-reports.png"/></p>
+
+## Step 7: Configure report filters
+
+From the filter bar, expand the **Type** dropdown. Then select the checkbox next to **Azure** to limit the report to only show Azure controls.
+
+Bookmark the **Controls by State** report, you’ll need it in subsequent guides.
+
+<p><img alt="filter-1" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/filter-1.png"/></p>
+
+## Step 8: View the report
+
+Review the status of your controls for Azure.  `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your subscription.
+
+> [!IMPORTANT]
+> The controls in `Error` or `Invalid` states must be cleared before moving further into these guides.
+> It takes few mins depending on various factors. We suggest to wait and report to [Turbot support]([email protected]), in case these errors are not cleared up automatically.
+
+<p><img alt="filter-2" src="/images/docs/guardrails/getting-started/getting-started-azure/connect-subscription/filter-2.png"/></p>
+
+## Step 9: Review
+
+In this guide you successfully imported an Azure subscription into Guardrails.
+
+## Next Steps
+
+In the [next guide](/guardrails/docs/getting-started/getting-started-azure/observe-azure-activity) we’ll see how Guardrails monitors cloud events and reacts to resource changes.
+
+## Progress tracker
+
+- [x] Prepare an Azure Subscription for Import to Guardrails
+- [x] **Connect an Azure Subscription to Guardrails**
+- [ ] Observe Azure Resource Activity
+- [ ] Enable Your First Guardrails Policy Pack
+- [ ] Review Subscription-Wide Governance
+- [ ] Create a Static Exception to a Guardrails Azure Policy
+- [ ] Create a Calculated Exception to a Guardrails Azure Policy
+- [ ] Send an Alert to Email
+- [ ] Apply a Quick Action
+- [ ] Enable Automatic Enforcement