diff --git a/_articles/accounts.md b/_articles/accounts.md index b22bfc65..79dd2bbc 100644 --- a/_articles/accounts.md +++ b/_articles/accounts.md @@ -28,6 +28,6 @@ This page lists various services that login.gov team uses to do work. - OpsGenie - search.gov dashboard -[onboarding]: {{site.url}}/articles/onboarding.html -[offboarding]: {{site.url}}/articles/offboarding.html +[onboarding]: {% link _articles/onboarding.md %} +[offboarding]: {% link _articles/offboarding.md %} [handbook-appendix]: https://docs.google.com/document/d/1ZMpi7Gj-Og1dn-qUBfQHqLc1Im7rUzDmIxKn11DPJzk/edit#heading=h.1c3ohc5eqn5r diff --git a/_articles/appdev-deploy.md b/_articles/appdev-deploy.md index ab42e1f0..49eb8e51 100644 --- a/_articles/appdev-deploy.md +++ b/_articles/appdev-deploy.md @@ -9,7 +9,7 @@ This is a guide for the Release Manager, the engineer who shepherds code to stag This guide assumes that: - You have a [GPG key set up with GitHub](https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account) (for signing commits) -- You have [set up `aws-vault`]({{site.baseurl}}/articles/infrastructure-setting-up-aws-vault.html), and have can SSH (via `ssm-instance`) in to our production environment +- You have [set up `aws-vault`]({% link _articles/infrastructure-setting-up-aws-vault.md %}), and have can SSH (via `ssm-instance`) in to our production environment Note: it is a good idea to make sure you have the latest pulled down from identity-devops - lots of goood improvements all the time! diff --git a/_articles/appdev-lambda-jobs.md b/_articles/appdev-lambda-jobs.md index 6f9846ca..b3ec527b 100644 --- a/_articles/appdev-lambda-jobs.md +++ b/_articles/appdev-lambda-jobs.md 
@@ -155,4 +155,4 @@ Here's the step-by-step to enable the lambda background jobs workflow in the IDP 3. Recyle the IDP so the changes take effect -[secrets-config]: {{site.baseurl}}/articles/appdev-secrets-configuration.html +[secrets-config]: {% link _articles/appdev-secrets-configuration.md %} diff --git a/_articles/incident-response-checklist.md b/_articles/incident-response-checklist.md index 86251244..f9fdee46 100644 --- a/_articles/incident-response-checklist.md +++ b/_articles/incident-response-checklist.md @@ -19,12 +19,12 @@ This is a quick checklist for any incident (security, privacy, outage, degraded ## Assess -* [Incident confirmed]({{site.baseurl}}/articles/secops-incident-response-guide.html#initiate-phase) +* [Incident confirmed]({% link _articles/secops-incident-response-guide.md %}#initiate-phase) - System security potentially compromised - System unavailable or functionality degraded - System under significant active attack from outside or inside threat - System integrity in question -* [Severity assigned]({{site.baseurl}}/articles/secops-incident-response-guide.html#incident-severities) (can be changed later as new information is collected) +* [Severity assigned]({% link _articles/secops-incident-response-guide.md %}#incident-severities) (can be changed later as new information is collected) - **High**: Confirmed PII breach, confirmed security penetration, complete outage - **Medium**: Suspected PII breach, suspected security penetration, partial outage - **Low**: Suspected attack, outage of non-prod persistent system (`int`) 
@@ -56,5 +56,5 @@ This is a quick checklist for any incident (security, privacy, outage, degraded # Resources * [Official login.gov Incident Response plan](https://drive.google.com/file/d/1Em3F3oZF_SRuuRLqwr6-pwlE4iNmT2ix/view): The authoritative source -* [login.gov Security Incident Response Guide]({{site.baseurl}}/articles/secops-incident-response-guide.html): IR guidance and overview, defer to the official IR plan +* [login.gov Security Incident Response Guide]({% link _articles/secops-incident-response-guide.md %}): IR guidance and overview, defer to the official IR plan * [NIST 800-61r2 Computer Security Incident Response Guide](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf) diff --git a/_articles/infrastructure-acceptance-criteria.md b/_articles/infrastructure-acceptance-criteria.md index ae1f0309..ac160c3c 100644 --- a/_articles/infrastructure-acceptance-criteria.md +++ b/_articles/infrastructure-acceptance-criteria.md 
@@ -93,7 +93,7 @@ The full process of accepting, working on, and completing an Issue is as follows * Move Issue back to the **In Progress** column * Collaborate with the DevOps team (assigned engineer and/or others) to drive the story to completion -An Issue is **Done** when ACs are met and evidence is documented. The On-Call addresses outstanding ACs daily to keep things moving, and will clear out any remaining Issues during the [weekly `AC Club` hangout]({{site.baseurl}}/articles/infrastructure-ceremonies.html#ac-club), which provides a dedicated time for auditing/verifying Issues. The **Done** column is reset at the beginning of every sprint cycle. +An Issue is **Done** when ACs are met and evidence is documented. The On-Call addresses outstanding ACs daily to keep things moving, and will clear out any remaining Issues during the [weekly `AC Club` hangout]({% link _articles/infrastructure-ceremonies.md %}#ac-club), which provides a dedicated time for auditing/verifying Issues. The **Done** column is reset at the beginning of every sprint cycle. ## Pull Requests diff --git a/_articles/infrastructure-ceremonies.md b/_articles/infrastructure-ceremonies.md index 8a5028b2..1f3143e8 100644 --- a/_articles/infrastructure-ceremonies.md +++ b/_articles/infrastructure-ceremonies.md 
@@ -67,7 +67,7 @@ Used for the weekly handoff between the current and previous On-Call team member - Previous On-Call(s): fill out "What ops stuff happened last week?" section of doc - Current On-Call(s): fill out "What ops stuff is happening this week?" section of doc -Start the meeting with those sections of the doc, following the [On-Call review and handoff procedures]({{site.baseurl}}/articles/infrastructure-oncall-guide.html#procedure) when doing so. Follow the On-Call review with either [Sprint Planning](#sprint-planning) or [Backlog Refinement](#backlog-refinement) depending upon the week. +Start the meeting with those sections of the doc, following the [On-Call review and handoff procedures]({% link _articles/infrastructure-oncall-guide.md %}#procedure) when doing so. Follow the On-Call review with either [Sprint Planning](#sprint-planning) or [Backlog Refinement](#backlog-refinement) depending upon the week. ### Sprint Retro (Part of [Weekly Omnibus](#weekly-omnibus); done at the start of a new sprint) diff --git a/_articles/infrastructure-iam-configs.md b/_articles/infrastructure-iam-configs.md index 54ae810f..b2278f5d 100644 --- a/_articles/infrastructure-iam-configs.md +++ b/_articles/infrastructure-iam-configs.md 
@@ -7,7 +7,7 @@ category: Infrastructure ## Overview -A set of modules in [`identity-terraform`](https://github.com/18F/identity-terraform) are used to create the full mappings between the users, groups, roles, and accounts across the org. Please refer to the [AWS Accounts and IAM Groups/Roles]({{site.baseurl}}/articles/infrastructure-aws-accounts-and-roles.html) page for specific data about our existing AWS accounts/groups/roles/etc. +A set of modules in [`identity-terraform`](https://github.com/18F/identity-terraform) are used to create the full mappings between the users, groups, roles, and accounts across the org. Please refer to the [AWS Accounts and IAM Groups/Roles]({% link _articles/infrastructure-aws-accounts-and-roles.md %}) page for specific data about our existing AWS accounts/groups/roles/etc. ## Terraform Configuration 
@@ -157,7 +157,7 @@ An individual AWS IAM account can only be part of _one_ AccountType. If you requ If a new AWS account is added to the Login.gov organization, the following changes will be needed to provide IAM permissions/access to it. _Prerequisites:_ -* Determine the **Friendly Name**, **Alias**, **CLI Prefix**, **AWS Account ID**, and **Account Type** as per the other examples in [the AWS Accounts matrix]({{site.baseurl}}/articles/infrastructure-aws-accounts-and-roles.html). Add a new line with those values to the matrix as part of a PR update to this document. +* Determine the **Friendly Name**, **Alias**, **CLI Prefix**, **AWS Account ID**, and **Account Type** as per the other examples in [the AWS Accounts matrix]({% link _articles/infrastructure-aws-accounts-and-roles.md %}). Add a new line with those values to the matrix as part of a PR update to this document. * Verify that there is at least one NON-Terraform-managed IAM user profile with the equivalent of _FullAdministrator_ permissions within the account. This user will perform the initial run of `terraform/all` to create the Roles in the account, allowing users within `terraform/master` to Assume these Roles. _Steps:_ diff --git a/_articles/infrastructure-oncall-guide.md b/_articles/infrastructure-oncall-guide.md index 6ae9910d..40a9a561 100644 --- a/_articles/infrastructure-oncall-guide.md +++ b/_articles/infrastructure-oncall-guide.md 
@@ -17,11 +17,11 @@ private links and contact information useful for oncall infrastructure engineers * **Acknowledge pages** - Ack OpsGenie pages within 5 minutes if possible to ensure timely response and avoid rollover to secondary * **Appropriately respond to alert** - Assess impact to end users and service providers and judge severity, acting as Incident Response reporter if appropriate * **Check Production** - Review systems and logs for indicators of issues which are not yet monitored, or unexpected behaviors -* **Initiate Incident Response (IR)** - Based on [Incident Severities]({{site.baseurl}}/articles/secops-incident-response-guide.html#incident-severities) +* **Initiate Incident Response (IR)** - Based on [Incident Severities]({% link _articles/secops-incident-response-guide.md %}#incident-severities) * **High Severity** - Act immediately 24/7 and see through to remediation or confirmed handoff to other team members * **Medium Severity** - During business hours as a top priority * **Low Severity** - During business hours and yielding for release and other duties -* **Initiate Incident Response (IR) Process** - Act as Situation Lead/Incident Commander following the [Security Incident Response Guide]({{site.baseurl}}/articles/secops-incident-response-guide.html) +* **Initiate Incident Response (IR) Process** - Act as Situation Lead/Incident Commander following the [Security Incident Response Guide]({% link _articles/secops-incident-response-guide.md %}) * **Handle interrupts** * Administrative tasks (onboard/offboard/change access) * Urgent product, app, or ops team requests 
@@ -104,7 +104,7 @@ Before going on-call for Identity DevOps ensure the following: * Comfortable navigating APM and Infrastructure areas in NewRelic * Comfortable reviewing logs in AWS CloudWatch and/or with cw CLI tool * Shadowed full set of deploys: dev, int, staging, and prod application and other infrastructure code -* Reviewed [Security Incident Response Guide]({{site.baseurl}}/articles/secops-incident-response-guide.html) +* Reviewed [Security Incident Response Guide]({% link _articles/secops-incident-response-guide.md %}) * Reviewed [past postmortems](https://drive.google.com/drive/folders/1ZdroGfCbGmeUPuCqiR8BetUhEXRfk4ui) * Joined [#identity-situation](https://gsa-tts.slack.com/messages/login-situation/) channel * Joined [identity-devops Hangout](https://chat.google.com/room/AAAAJIpl9Oo) group (* Only for use in case of Slack outage) diff --git a/_articles/offboarding.md b/_articles/offboarding.md index 8ab2ee24..848af9c9 100644 --- a/_articles/offboarding.md +++ b/_articles/offboarding.md 
@@ -24,8 +24,8 @@ Review the [Leaving TTS page in the TTS Handbook](https://handbook.tts.gsa.gov/l - Note that CircleCI, CodeClimate, and Snyk rights are removed via GitHub integration - [Using the JIRA Portal](https://cm-jira.usa.gov/servicedesk/customer/portal/11), choose `Application Access` and request that the user be removed from the Login.gov project (and deactivated if they are no longer working for GSA). - Use the [TTS Slack Form](https://goo.gl/forms/mKATdB9QuNo7AXVY2) to submit user modification -- Remove from [login.gov Slack groups]({{site.url}}/articles/slack.html). -- Remove from [all accounts]({{site.url}}/articles/accounts.html) +- Remove from [login.gov Slack groups]({% link _articles/slack.md %}). +- Remove from [all accounts]({% link _articles/accounts.md %}) - [Remove user from Login.gov Google Groups](https://groups.google.com/a/gsa.gov/forum/#!myforums) - [Remove the user from Hubspot](https://app.hubspot.com/settings/5531666/users) - [Remove user from Figma](https://www.figma.com/files/team/893580939040886405/Login.gov/members) diff --git a/_articles/onboarding.md b/_articles/onboarding.md index 47c3d9a9..6c2f9c00 100644 --- a/_articles/onboarding.md +++ b/_articles/onboarding.md @@ -10,7 +10,7 @@ TTS Talent has [their own onboarding checklist in Google Drive](https://docs.goo ## For new login.gov team members to complete themselves -- Familiarize yourself with the [login.gov Handbook]({{site.url}}) +- Familiarize yourself with the [login.gov Handbook]({{site.baseurl}}) - Watch a [login.gov authentication overview](https://drive.google.com/file/d/1UFq0OAHgbLdPUXXj6FAIgSxtLyAfYxSa/view) - Watch a [login.gov identity verification overview](https://drive.google.com/file/d/1GanUUpkAcJCopQAPac4DSe10LREdSGZw/view) - Review the [Login.gov org chart](https://docs.google.com/spreadsheets/d/1tiTR2ohdl0NIsrF4gJjNipEZ0z0oq1pOFWYjHg8Tbi0/edit#gid=0) 
@@ -50,7 +50,7 @@ Look at this work as a power multiplier, you are helping someone gain a firm fou - Contractors who are working on TTS projects most or full-time can be added as full Slack members. - Other collaborators should be added as multi-channel guests. - Full Slack access for Contractors is at the discretion of login.gov's Contracting Officer. Please see [TTS Handbook guidance](https://handbook.tts.gsa.gov/slack-admin/) for more info. -- Add to appropriate [login.gov Slack groups]({{site.url}}/articles/slack.html) like `login-feds` or `login-appdev-team`. +- Add to appropriate [login.gov Slack groups]({% link _articles/slack.md %}) like `login-feds` or `login-appdev-team`. - Add them to the [Login.gov Shared Calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_6ovul6pcsmgd40o8pqn7qmge5g%40group.calendar.google.com) - Non-GSA.gov email address: `See all event details` permission - With GSA.gov email address: `Make changes AND manage sharing` @@ -136,7 +136,7 @@ Look at this work as a power multiplier, you are helping someone gain a firm fou - Update the knapsack report for the IdP - Update the IdP's rubygem and npm dependencies - Learn to release the app - - Read the [release management guide]({{site.baseurl}}/articles/appdev-deploy.html) + - Read the [release management guide]({% link _articles/appdev-deploy.md %}) - Shadow someone who is deploying the app - Get access to the login.gov static site setting in Federalist - Review some more documentation
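Review bot: in `_articles/onboarding.md` (hunk `@@ -10,7 +10,7 @@`), `[login.gov Handbook]({{site.baseurl}})` renders an empty link target whenever `baseurl` is unset or empty, and it is the one link in this patch that is not moved to a form the build can check. Suggest `{{ '/' | relative_url }}` (or at least `{{site.baseurl}}/`) so the href is always a valid path to the site root.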
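Review bot: in `_articles/infrastructure-iam-configs.md` (both hunks), the new `({% link _articles/infrastructure-aws-accounts-and-roles.md %})` drops the `{{site.baseurl}}` prefix that the removed lines carried. The `link` tag prepends `baseurl` on its own only from Jekyll 4.0; on 3.x these links would resolve without the base path. Please confirm the Jekyll version the site builds with and say so in the commit message. The same applies to every other `{{site.baseurl}}/articles/...` line replaced in this patch.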
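Review bot: in `_articles/incident-response-checklist.md` (hunk `@@ -19,12 +19,12 @@`), the `link` tag fails the build when the target file is missing but does not look at what follows it, so `#initiate-phase` and `#incident-severities` remain unverified. This checklist is read during an incident, so a dead anchor here costs more than elsewhere; consider a link-check step in CI that validates fragments against the rendered headings of `secops-incident-response-guide`.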
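Review bot: in `_articles/appdev-deploy.md` (hunk `@@ -9,7 +9,7 @@`), the rewritten bullet still reads "and have can SSH (via `ssm-instance`) in to our production environment". Since the line is already being changed, fix the wording to "and can SSH (via `ssm-instance`) into our production environment" in the same commit.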