(docs)yet even more updates

Author: Brian Mycroft

docs/architectures/pbmm/AWS_PBMM_Accel_Account_Network_VPC.md

@@ -1,15 +1,25 @@
 # AWS Accelerator Prescriptive Sample Architecture
 
+## Shared VPC Architecture
+
 ![PBMM1 Diagram](./images/PBMM1.png)
 
 ![PBMM1 Diagram](./images/PBMM2.png)
 
+## Spoke VPC Architecture
+
+![PBMM1 Diagram](./images/PBMM-Spoke.png)
+
+## VPC and Security Group Patterns
+
 ![PBMM1 Diagram](./images/PBMM3.png)
 
 ![PBMM1 Diagram](./images/PBMM4.png)
 
 ![PBMM1 Diagram](./images/PBMM5.png)
 
+## Additional Perimeter Patterns
+
 ![PBMM1 Diagram](./images/perimeter-NFW.png)
 
 ![PBMM1 Diagram](./images/perimeter-NFW-flows.png)
@@ -18,7 +28,6 @@
 
 ![PBMM1 Diagram](./images/perimeter-NFW-GWLB.png)
 
-
 ---
 
 [...Return to Accelerator Table of Contents](../../index.md)

docs/architectures/pbmm/AWS_PBMM_Accel_Account_Network_VPC.pdf

@@ -24,10 +24,14 @@
 
 ### - Prescriptive PBMM Architecture Design [Document](./architectures/pbmm/architecture.md) (Early Draft)
 
-- AWS PBMM architecture sample [diagrams](./architectures/pbmm/AWS_PBMM_Accel_Account_Network_VPC.md)
+- Accelerator Prescriptive Architecture Sample [diagrams](./docs/architectures/pbmm/AWS_PBMM_Accel_Account_Network_VPC.md)
 
 ---
 
-Note: A ZIP file containing a PDF version of the documentation is attached as an asset of each [release](https://github.com/aws-samples/aws-secure-environment-accelerator/releases).
+Note: Two ZIP files are attached as assets of each [release](https://github.com/aws-samples/aws-secure-environment-accelerator/releases):
+
+- one contains a PDF version of the above documentation
+- the second contains the _DRAFT_ of the config file schema documentation, auto generated from a combination of the typescript schema and the field definitions used in the future GUI
+  - Extract and open src\lib\docs-gen\output-docs\en\index.html in your browser
 
 ---

docs/architectures/pbmm/images/PBMM-Spoke.png

@@ -61,6 +61,7 @@ The upgrade from v1.3.8 to v1.5.0 is generally the same as any previous Accelera
 
   - we recommend you change your `rdgw-instance-type` and `rsyslog-instance-type` from t2._ to t3._ (they will auto-replace on the next instance refresh) (Optional)
   - optionally remove the `"API_GW_EXECUTION_LOGGING_ENABLED"` config rule throughout, as it overlaps with an identical Security Hub config rule.
+  - we added the capability to deploy a Config aggregator in any of the central services accounts (i.e. Log-archive, Security, Operations), by adding `"config-aggr": true` to either: `central-security-services`, `central-operations-services`, or `central-log-services`. The existing aggregator in the Org management account will remain.
   - the DynamoDB tables (`PBMMAccel-cidr-vpc-assign` and `PBMMAccel-cidr-subnet-assign`) can be populated with your EXISTING utilized CIDR ranges using the upgrade script _after_ the upgrade is complete. If you want to dynamically assign CIDR ranges for new VPC's, you need to add a new `cidr-pools` section to your config file. This new section of the config file should not be added during an upgrade.
     - this populates a third new DynamoDB table named `PBMMAccel-cidr-pool` which stores CIDR ranges to select from for new CIDR assignments. This table works together with the other two DynamoDB tables to track, assign and maintain non-overlapping CIDR ranges based on a pool name and region.
   - the new example config files also introduced several new internally resolvable variables (`${CONFIG::OU_NAME}` and `${CONFIG::VPC_NAME}`), which when used thoughtfully along with the new dynamic CIDR feature, enables multi-part config file customers to define the VPCs for multiple OU's in a single shared nested config file. These new variables should be ignored during an upgrade.

docs/index.md

@@ -84,8 +84,7 @@
       "macie-sensitive-sh": true,
       "fw-mgr-alert-level": "Low",
       "security-hub-findings-sns": "Low",
-      "add-sns-topics": true,
-      "config-aggr": true
+      "add-sns-topics": true
     },
     "central-operations-services": {
       "account": "operations",