Fixes to automated document generation (#417)

dliggat · web-flow · commit 2029e9a8f148 · 2020-10-09T07:26:27.000-04:00
* Minor fixes for document generation
* Minor fixes to variables
* Fix doc
* Adding workflow_run key
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -1,4 +1,10 @@
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: ["Merge Release Branch"]
+    branches: [master]
+    types:
+      - completed
 
 name: Generate Documentation
 
@@ -17,15 +23,23 @@ jobs:
           sudo apt install librsvg2-bin
           sudo apt install 'fonts-dejavu*'
 
-      - name: Mkdir documentation
+      - name: Setup Env
+        id: setup
+        env:
+          PREFIX: AWS-SEA
+          SUFFIX: Documentation
         run: |
-          mkdir documentation
+          mkdir ${PREFIX}-${SUFFIX}
+          echo ::set-output name=prefix::$(echo "${PREFIX}")
+          echo ::set-output name=suffix::$(echo "${SUFFIX}")
+          echo ::set-output name=dir::$(echo "${PREFIX}-${SUFFIX}")
+
 
       - name: PDF output 0
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/0-AWS-SEA-Solution-Summary.pdf
+            --output=${{ steps.setup.outputs.dir }}/0-${{ steps.setup.outputs.prefix }}-Solution-Summary.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -40,7 +54,7 @@ jobs:
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/1-AWS-SEA-Installation-Guide.pdf
+            --output=${{ steps.setup.outputs.dir }}/1-${{ steps.setup.outputs.prefix }}-Installation-Guide.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -55,7 +69,7 @@ jobs:
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/2a-AWS-SEA-Config-File-Options-ToC.pdf
+            --output=${{ steps.setup.outputs.dir }}/2a-${{ steps.setup.outputs.prefix }}-Config-File-Options-ToC.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -68,13 +82,13 @@ jobs:
 
       - name: Copy file output 2b
         run: |
-          cp reference-artifacts/config.example.json documentation/2b-AWS-SEA-config.example.json
+          cp reference-artifacts/config.example.json ${{ steps.setup.outputs.dir }}/2b-${{ steps.setup.outputs.prefix }}-config.example.json
 
       - name: PDF output 2c
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/2c-AWS-SEA-Multi-file-Config-Capabilities.pdf
+            --output=${{ steps.setup.outputs.dir }}/2c-${{ steps.setup.outputs.prefix }}-Multi-file-Config-Capabilities.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -89,7 +103,7 @@ jobs:
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/2d-AWS-SEA-Config-Sample-Snippets.pdf
+            --output=${{ steps.setup.outputs.dir }}/2d-${{ steps.setup.outputs.prefix }}-Config-Sample-Snippets.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -102,13 +116,13 @@ jobs:
 
       - name: Copy file output 2e
         run: |
-          cp reference-artifacts/Third-Party/firewall-example.txt documentation/2e-AWS-SEA-firewall-example.txt
+          cp reference-artifacts/Third-Party/firewall-example.txt ${{ steps.setup.outputs.dir }}/2e-${{ steps.setup.outputs.prefix }}-firewall-example.txt
 
       - name: PDF output 2f
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/2f-AWS-SEA-Firewall-config-Customizations.pdf
+            --output=${{ steps.setup.outputs.dir }}/2f-${{ steps.setup.outputs.prefix }}-Firewall-config-Customizations.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -119,11 +133,26 @@ jobs:
             --pdf-engine=xelatex
             ./reference-artifacts/master-config-sample-snippets/firewall_file_available_variables.md
 
+      - name: PDF output 2g
+        uses: docker://pandoc/latex:2.10
+        with:
+          args: >
+            --output=${{ steps.setup.outputs.dir }}/2g-${{ steps.setup.outputs.prefix }}-logging-locations.pdf
+            --from=gfm
+            --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
+            -V linkcolor:blue
+            -V geometry:paperwidth=8.5in
+            -V geometry:paperheight=11in
+            -V geometry:margin=.8in
+            -V documentclass=report
+            --pdf-engine=xelatex
+            docs/architectures/pbmm/log-file-locations.md
+
       - name: PDF output 3
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/3-AWS-SEA-Operations-Troubleshooting-Guide.pdf
+            --output=${{ steps.setup.outputs.dir }}/3-${{ steps.setup.outputs.prefix }}-Operations-Troubleshooting-Guide.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -140,7 +169,7 @@ jobs:
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/4-AWS-SEA-Developer-Guide.pdf
+            --output=${{ steps.setup.outputs.dir }}/4-${{ steps.setup.outputs.prefix }}-Developer-Guide.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -155,7 +184,7 @@ jobs:
         uses: docker://pandoc/latex:2.10
         with:
           args: >
-            --output=documentation/5-AWS-SEA-PBMM-Architecture.pdf
+            --output=${{ steps.setup.outputs.dir }}/5-${{ steps.setup.outputs.prefix }}-PBMM-Architecture.pdf
             --from=gfm
             --resource-path=.:docs/architectures/pbmm:docs/installation:docs/operations
             -V linkcolor:blue
@@ -168,8 +197,8 @@ jobs:
 
       - name: Zip
         run: |
-          zip -r documentation.zip documentation/
+          zip -r ${{ steps.setup.outputs.dir }}.zip ${{ steps.setup.outputs.dir }}/
       - uses: actions/upload-artifact@master
         with:
-          name: documentation.zip
-          path: documentation.zip
+          name: ${{ steps.setup.outputs.dir }}
+          path: ${{ steps.setup.outputs.dir }}.zip
diff --git a/docs/architectures/pbmm/architecture.md b/docs/architectures/pbmm/architecture.md
@@ -10,80 +10,63 @@ It is anticipated we will offer multiple sample architectures with the AWS SEA s
 
 <!-- TOC depthFrom:2 -->
 
-- [AWS Secure Environment Architecture](#aws-secure-environment-architecture)
-- [Table of Contents](#table-of-contents)
-  - [1. Introduction](#1-introduction)
-    - [1.1. Purpose of Document](#11-purpose-of-document)
-    - [1.2. Overview](#12-overview)
-    - [1.3. Document Convention](#13-document-convention)
-      - [1.3.1. AWS Account Numbers](#131-aws-account-numbers)
-      - [1.3.2. JSON Annotation](#132-json-annotation)
-      - [1.3.3. IP Addresses](#133-ip-addresses)
-    - [1.4. Department Naming](#14-department-naming)
-    - [1.5. Relationship to AWS Landing Zone](#15-relationship-to-aws-landing-zone)
-  - [2. Account Structure](#2-account-structure)
-    - [2.1. Accounts](#21-accounts)
-    - [2.2. Master Account](#22-master-account)
-      - [2.2.1. AWS SSO](#221-aws-sso)
-      - [2.2.2. Organizational Units](#222-organizational-units)
-        - [2.2.2.1. Core OU](#2221-core-ou)
-        - [2.2.2.2. Central OU](#2222-central-ou)
-        - [2.2.2.3. Functional OU: Sandbox](#2223-functional-ou-sandbox)
-        - [2.2.2.4. Functional OU: UnClass](#2224-functional-ou-unclass)
-        - [2.2.2.5. Functional OU: Dev](#2225-functional-ou-dev)
-        - [2.2.2.6. Functional OU: Test](#2226-functional-ou-test)
-        - [2.2.2.7. Functional OU: Prod](#2227-functional-ou-prod)
-        - [2.2.2.8. Suspended OU](#2228-suspended-ou)
-    - [2.3. Mandatory Accounts](#23-mandatory-accounts)
-      - [2.3.1. Master](#231-master)
-      - [2.3.2. Perimeter](#232-perimeter)
-      - [2.3.3. Shared Network](#233-shared-network)
-      - [2.3.4. Operations](#234-operations)
-      - [2.3.5. Log Archive](#235-log-archive)
-      - [2.3.6. Security](#236-security)
-    - [2.4. Functional Accounts](#24-functional-accounts)
-    - [2.5. Account Level Settings](#25-account-level-settings)
-    - [2.6. Private Marketplace](#26-private-marketplace)
-  - [3. Networking](#3-networking)
-    - [3.1. Overview](#31-overview)
-    - [3.2. Perimeter](#32-perimeter)
-      - [3.2.1. IP Ranges](#321-ip-ranges)
-    - [3.3. Shared Network](#33-shared-network)
-      - [3.3.1. Transit Gateway](#331-transit-gateway)
-      - [3.3.2. Endpoint VPC](#332-endpoint-vpc)
-      - [3.3.3. Endpoint VPC: Interface Endpoints](#333-endpoint-vpc-interface-endpoints)
-      - [3.3.4. Endpoint VPC: Hybrid DNS](#334-endpoint-vpc-hybrid-dns)
-        - [3.3.4.1. Within The Cloud](#3341-within-the-cloud)
-        - [3.3.4.2. From Cloud to On-Premises](#3342-from-cloud-to-on-premises)
-        - [3.3.4.3. From On-Premises to Cloud](#3343-from-on-premises-to-cloud)
-      - [3.3.5. Workload VPCs](#335-workload-vpcs)
-        - [3.3.5.1. Security Groups](#3351-security-groups)
-        - [3.3.5.2. NACLs](#3352-nacls)
-      - [3.3.6. Central VPC](#336-central-vpc)
-        - [3.3.6.1. Domain Joining](#3361-domain-joining)
-      - [3.3.7. Sandbox VPC](#337-sandbox-vpc)
-  - [4. Authorization and Authentication](#4-authorization-and-authentication)
-    - [4.1. Relationship to the Master Account](#41-relationship-to-the-master-account)
-    - [4.2. Break Glass Accounts](#42-break-glass-accounts)
-    - [4.3. Control Plane Access via AWS SSO](#43-control-plane-access-via-aws-sso)
-      - [4.3.1. SSO User Roles](#431-sso-user-roles)
-      - [4.3.2. Principal Authorization](#432-principal-authorization)
-    - [4.4. Root Authorization](#44-root-authorization)
-    - [4.5. Service Roles](#45-service-roles)
-    - [4.6. Service Control Policies](#46-service-control-policies)
-      - [4.6.1. PBMM Only](#461-pbmm-only)
-      - [4.6.2. PBMM Unclass Only](#462-pbmm-unclass-only)
-      - [4.6.3. PBMM Guardrails (Parts 1 and 2)](#463-pbmm-guardrails-parts-1-and-2)
-        - [4.6.3.1. Encryption at Rest](#4631-encryption-at-rest)
-      - [4.6.4. Quarantine Deny All](#464-quarantine-deny-all)
-      - [4.6.5. Quarantine New Object](#465-quarantine-new-object)
-  - [5. Logging and Monitoring](#5-logging-and-monitoring)
-    - [5.1. CloudTrail](#51-cloudtrail)
-    - [5.2. VPC Flow Logs](#52-vpc-flow-logs)
-    - [5.3. GuardDuty](#53-guardduty)
-    - [5.4. Config](#54-config)
-    - [5.5. Cloudwatch Logs](#55-cloudwatch-logs)
-    - [5.6. SecurityHub](#56-securityhub)
+- [1. Introduction](#1-introduction)
+  - [1.1. Purpose of Document](#11-purpose-of-document)
+  - [1.2. Overview](#12-overview)
+  - [1.3. Document Convention](#13-document-convention)
+    - [1.3.1. AWS Account Numbers](#131-aws-account-numbers)
+    - [1.3.2. JSON Annotation](#132-json-annotation)
+    - [1.3.3. IP Addresses](#133-ip-addresses)
+  - [1.4. Department Naming](#14-department-naming)
+  - [1.5. Relationship to AWS Landing Zone](#15-relationship-to-aws-landing-zone)
+- [2. Account Structure](#2-account-structure)
+  - [2.1. Accounts](#21-accounts)
+  - [2.2. Master Account](#22-master-account)
+    - [2.2.1. AWS SSO](#221-aws-sso)
+    - [2.2.2. Organizational Units](#222-organizational-units)
+  - [2.3. Mandatory Accounts](#23-mandatory-accounts)
+    - [2.3.1. Master](#231-master)
+    - [2.3.2. Perimeter](#232-perimeter)
+    - [2.3.3. Shared Network](#233-shared-network)
+    - [2.3.4. Operations](#234-operations)
+    - [2.3.5. Log Archive](#235-log-archive)
+    - [2.3.6. Security](#236-security)
+  - [2.4. Functional Accounts](#24-functional-accounts)
+  - [2.5. Account Level Settings](#25-account-level-settings)
+  - [2.6. Private Marketplace](#26-private-marketplace)
+- [3. Networking](#3-networking)
+  - [3.1. Overview](#31-overview)
+  - [3.2. Perimeter](#32-perimeter)
+    - [3.2.1. IP Ranges](#321-ip-ranges)
+  - [3.3. Shared Network](#33-shared-network)
+    - [3.3.1. Transit Gateway](#331-transit-gateway)
+    - [3.3.2. Endpoint VPC](#332-endpoint-vpc)
+    - [3.3.3. Endpoint VPC: Interface Endpoints](#333-endpoint-vpc-interface-endpoints)
+    - [3.3.4. Endpoint VPC: Hybrid DNS](#334-endpoint-vpc-hybrid-dns)
+    - [3.3.5. Workload VPCs](#335-workload-vpcs)
+    - [3.3.6. Central VPC](#336-central-vpc)
+    - [3.3.7. Sandbox VPC](#337-sandbox-vpc)
+- [4. Authorization and Authentication](#4-authorization-and-authentication)
+  - [4.1. Relationship to the Master Account](#41-relationship-to-the-master-account)
+  - [4.2. Break Glass Accounts](#42-break-glass-accounts)
+  - [4.3. Control Plane Access via AWS SSO](#43-control-plane-access-via-aws-sso)
+    - [4.3.1. SSO User Roles](#431-sso-user-roles)
+    - [4.3.2. Principal Authorization](#432-principal-authorization)
+  - [4.4. Root Authorization](#44-root-authorization)
+  - [4.5. Service Roles](#45-service-roles)
+  - [4.6. Service Control Policies](#46-service-control-policies)
+    - [4.6.1. PBMM Only](#461-pbmm-only)
+    - [4.6.2. PBMM Unclass Only](#462-pbmm-unclass-only)
+    - [4.6.3. PBMM Guardrails (Parts 1 and 2)](#463-pbmm-guardrails-parts-1-and-2)
+    - [4.6.4. Quarantine Deny All](#464-quarantine-deny-all)
+    - [4.6.5. Quarantine New Object](#465-quarantine-new-object)
+- [5. Logging and Monitoring](#5-logging-and-monitoring)
+  - [5.1. CloudTrail](#51-cloudtrail)
+  - [5.2. VPC Flow Logs](#52-vpc-flow-logs)
+  - [5.3. GuardDuty](#53-guardduty)
+  - [5.4. Config](#54-config)
+  - [5.5. Cloudwatch Logs](#55-cloudwatch-logs)
+  - [5.6. SecurityHub](#56-securityhub)
 
 <!-- /TOC -->
 
diff --git a/docs/installation/installation.md b/docs/installation/installation.md
@@ -513,6 +513,8 @@ Finally, while we started with a goal of delivering on the 12 guardrails, we bel
 
    [action]: https://github.com/aws-samples/aws-secure-environment-accelerator/blob/master/.github/workflows/publish.yml
 
+9. Note that a successful run of this workflow will automatically kick off the "Generate Documentation" workflow. That workflow may be initiated at any time manually via the GitHub Actions UI (since it is configured as a `workflow_dispatch` action).
+
 ---
 
 [...Return to Accelerator Table of Contents](../index.md)
diff --git a/docs/toc-generation.md b/docs/toc-generation.md
@@ -4,6 +4,8 @@ Easy and automated ToC generation:
 
 - Visual Studio Code Plugin - Markdown All in One - https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one
 
+Note: The PDF engine (`pandoc/latex`) used in the `Release Documentation` action does not like deeply nested markdown lists. Accordingly, use `Depth From: 2` and `Depth to: 4` in Table of Contents generation.
+
 Other alternatives:
 
 - Table of Contents can be generated for Markdown documents using the following tool: https://github.com/AlanWalk/Markdown-TOC
