added written content to all docs pages

Author: quetzalliwrites

src/content/docs/integrations/infrastructure-as-code/cloud-custodian.md

@@ -0,0 +1,137 @@
+---
+title: Cloud Custodian
+description: Use Cloud Custodian with LocalStack
+template: 
+hero:
+  tagline: 
+  image:
+    file: 
+  actions:
+nav: 
+---
+
+## Introduction
+
+Cloud Custodian is an open-source rules engine and cloud management tool designed to help organizations maintain security and compliance across their cloud environments.
+Cloud Custodian's YAML DSL allows definition of rules to filter and tag resources, and then apply actions to those resources.
+
+Cloud Custodian can be used to manage local AWS resources in LocalStack, resembling the live AWS environment, allowing you to test and validate your security policies locally.
+You can use Cloud Custodian with LocalStack by just specifying the Cloud Custodian package to use the LocalStack profile configured with your AWS CLI.
+
+## Getting started
+
+This guide is designed for users who are new to Cloud Custodian and assumes basic knowledge of the AWS CLI and our [`awslocal`](https://github.com/localstack/awscli-local) wrapper script.
+
+Start your LocalStack container using your preferred method.
+We will demonstrate how you can spin up an EC2 instance and tag it with the key `Custodian`, and then use Cloud Custodian to stop the instance.
+
+### Install Cloud Custodian
+
+To install Cloud Custodian, run the following command:
+
+{{< command >}}
+$ pip install c7n
+{{< / command >}}
+
+After installing Cloud Custodian, you can configure a [custom LocalStack profile](http://docs.localstack.cloud/user-guide/integrations/aws-cli/#configuring-a-custom-profile) in your AWS CLI configuration file.
+
+### Create an EC2 instance
+
+You can create an EC2 instance using the `awslocal` wrapper script.
+You can use the [`RunInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API to create an EC2 instance.
+The following example creates an EC2 instance with the tag `Custodian` (any value):
+
+{{< command >}}
+$ awslocal ec2 run-instances \
+    --image-id ami-ff0fea8310f3 \
+    --count 1 \
+    --instance-type t3.nano \
+    --tag-specifications "ResourceType=instance,Tags=[{Key=Custodian,Value=AnyValue}]"
+{{< / command >}}
+
+You can navigate to the LocalStack logs to verify that the EC2 instance was created successfully:
+
+```bash
+2023-10-16T15:27:35.479  INFO --- [   asgi_gw_0] l.u.container_networking   : Determined main container network: bridge
+2023-10-16T15:27:35.504  INFO --- [   asgi_gw_0] l.u.container_networking   : Determined main container target IP: 172.17.0.2
+2023-10-16T15:27:36.154  INFO --- [   asgi_gw_0] l.s.ec2.vmmanager.docker   : Instance i-d87f1ab75e95ab0d2 will be accessible via SSH at: 127.0.0.1:22, 172.17.0.3:22
+2023-10-16T15:27:36.155  INFO --- [   asgi_gw_0] l.s.ec2.vmmanager.docker   : Instance i-d87f1ab75e95ab0d2 port mappings (container -> host): {'22/tcp': 22}
+2023-10-16T15:27:36.218  INFO --- [   asgi_gw_0] localstack.request.aws     : AWS ec2.RunInstances => 200
+```
+
+### Create a Cloud Custodian policy
+
+You can now create a Cloud Custodian policy to stop the EC2 instances with the tag `Custodian`.
+Create a file named `custodian.yml` and add the following content:
+
+```yaml
+policies:
+  - name: my-first-policy
+    resource: aws.ec2
+    filters:
+      - "tag:Custodian": present
+    actions:
+      - stop
+```
+
+The above policy specifies the following:
+
+- `name`: The name of the policy.
+- `resource`: The AWS resource to apply the policy to.
+- `filters`: The filters to apply to the resource.
+  In this case, the filter is `tag:Custodian` and the value is `present`.
+- `actions`: The actions to apply to the resource.
+  In this case, the action is `stop`.
+
+### Run the Cloud Custodian policy
+
+You can now run the Cloud Custodian policy using the following command:
+
+{{< command >}}
+$ custodian run \
+    --output-dir=.
+custodian.yml \
+    --profile localstack
+{{< / command >}}
+
+{{< callout "tip" >}}
+Alternatively, you can also set the `AWS_PROFILE=localstack` environment variable, in which case the `--profile localstack` parameter can be omitted in the commands above.
+{{< /callout >}}
+
+You should see the following output:
+
+```sh
+2023-10-16 21:06:13,853: custodian.policy:INFO policy:my-first-policy resource:aws.ec2 region:us-east-1 count:1 time:0.20
+2023-10-16 21:06:13,961: custodian.policy:INFO policy:my-first-policy action:stop resources:1 execution_time:0.10
+```
+
+You can then navigate to the LocalStack logs to verify that the EC2 instance was stopped successfully:
+
+```bash
+2023-10-16T15:36:13.583  INFO --- [   asgi_gw_0] localstack.request.aws     : AWS sts.GetCallerIdentity => 200
+2023-10-16T15:36:13.851  INFO --- [   asgi_gw_1] localstack.request.aws     : AWS ec2.DescribeInstances => 200
+2023-10-16T15:36:13.960  INFO --- [   asgi_gw_0] localstack.request.aws     : AWS ec2.StopInstances => 200
+```
+
+### Create CloudWatch metrics for Cloud Custodian
+
+Cloud Custodian creates CloudWatch metrics for each policy.
+These metrics show how many resources met the filters, the time taken to gather and filter those resources, and the time required to perform actions.
+
+Certain filters and actions might produce their own metrics.
+To activate metric output, you must set the `metrics` flag running Cloud Custodian.
+
+{{< command >}}
+$ custodian run -s . \
+    --metrics aws custodian.yml \
+    --profile localstack
+{{< / command >}}
+
+You can access the CloudWatch metrics in the [LocalStack Web Application](https://app.localstack.cloud/inst/default/resources/cloudwatch).
+
+## Further reading
+
+- [Example Policies](https://cloudcustodian.io/docs/aws/examples/index.html) for practical examples of specific policies for individual AWS modules.
+- [Cloud Custodian documentation](https://cloudcustodian.io/docs/quickstart/index.html) to learn more about Cloud Custodian.
+- [Integrations](https://cloudcustodian.io/docs/aws/topics/index.html) with Config, Security Hub, Systems Manager, and X-Ray.
+- [Monitoring the environment](https://cloudcustodian.io/docs/aws/usage.html) by generating CloudWatch metrics.

src/content/docs/integrations/infrastructure-as-code/crossplane.md

@@ -0,0 +1,237 @@
+---
+title: Crossplane
+description: Use the Crossplane cloud-native control plane framework with LocalStack.
+template: 
+hero:
+  tagline: 
+  image:
+    file: 
+  actions:
+nav: 
+---
+
+## Overview
+
+[Crossplane](https://www.crossplane.io) is a cloud-native control plane framework, which offers an extensible backend that enables orchestrating applications and infrastructure via declarative APIs and resource definitions.
+
+Crossplane offers a native [AWS provider](https://github.com/upbound/provider-aws) which can be used to create and manage AWS cloud resources via the Crossplane platform.
+For example, it can be used to create S3 buckets, SQS queues, Lambda functions, among many other resources.
+Crossplane AWS provider supports a comprehensive set of some [900+ resource types](https://marketplace.upbound.io/providers/upbound/provider-aws).
+
+## Getting started
+
+In the following, we provide a step-by-step guide for installing Crossplane in a local test environment, and creating AWS resources (S3 bucket, SQS queue) in LocalStack via Crossplane.
+
+### Prerequisites
+
+* LocalStack running in local Docker
+* A local Kubernetes cluster:
+  * We can use the [embedded Kubernetes cluster](https://docs.docker.com/desktop/kubernetes) that ships with modern versions of Docker Desktop (can be easily enabled in the Docker settings)
+  * Alternatively, you can [create a local EKS cluster](https://docs.localstack.cloud/user-guide/aws/elastic-kubernetes-service/#create-an-embedded-kubernetes-cluster) in LocalStack directly, which will spin up a light-weight embedded `k3d` Kubernetes cluster in your Docker environment
+* The [`helm`](https://helm.sh) and [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl) command-line clients installed
+
+## Installing Crossplane in local Kubernetes
+
+Once your `kubectl` is configured to point to the local Kubernetes cluster, we first install Crossplane via `helm`:
+{{<command>}}
+$ helm repo add crossplane-stable https://charts.crossplane.io/stable
+$ helm repo update
+$ helm install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace
+{{</command>}}
+
+The installation may take a few minutes.
+In parallel, we can install the `crossplane` command-line tool.
+{{<command>}}
+$ curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | bash
+<disable-copy>...</disable-copy>
+$ sudo mv crossplane /usr/local/bin
+{{</command>}}
+To confirm that the installation was successful, we can run these commands, which should yield output similar to the following:
+{{<command>}}
+$ crossplane version
+<disable-copy>Client Version: v1.17.0
+Server Version: v1.17.0</disable-copy>
+
+$ kubectl get crds | grep crossplane
+<disable-copy>compositions.apiextensions.crossplane.io                     2023-09-03T11:30:36Z
+configurations.pkg.crossplane.io                             2023-09-03T11:30:36Z
+...</disable-copy>
+{{</command>}}
+
+### Installing the Crossplane AWS Provider
+
+Once the basic Crossplane installation is running properly, we can proceed with installing the AWS provider.
+Newer versions of Crossplane promote the use of [provider families](https://docs.upbound.io/providers/provider-families), which are collections of providers for different groups of resources.
+For example, there is a separate provider for each individual AWS service (like S3, SQS, Lambda, etc), and in addition provider family provides shared resources for common configuration of all services (e.g., credentials, etc).
+
+In the following, we first install the AWS provider for S3.
+Note that you can copy/paste the entire multi-line command below into your terminal:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-aws-s3
+spec:
+  package: xpkg.upbound.io/upbound/provider-aws-s3:v0.40.0
+EOF
+{{</command>}}
+
+We also install the AWS provider for SQS:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-aws-sqs
+spec:
+  package: xpkg.upbound.io/upbound/provider-aws-sqs:v0.40.0
+EOF
+{{</command>}}
+
+After some time, the providers should get into healthy state, which can be confirmed via `kubectl get providers`:
+{{<command>}}
+$ kubectl get providers<disable-copy>
+NAME                          INSTALLED   HEALTHY   PACKAGE                                               AGE
+upbound-provider-family-aws   True        True      xpkg.upbound.io/upbound/provider-family-aws:v0.40.0   2m
+provider-aws-s3               True        True      xpkg.upbound.io/upbound/provider-aws-s3:v0.40.0       2m
+provider-aws-sqs              True        True      xpkg.upbound.io/upbound/provider-aws-sqs:v0.40.0      2m
+</disable-copy>
+{{</command>}}
+
+Next, we install a secret to define the test credentials for the AWS provider:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: localstack-aws-secret
+stringData:
+  creds: |
+    [default]
+    aws_access_key_id = test
+    aws_secret_access_key = test
+EOF
+{{</command>}}
+
+Finally, we create an AWS  `ProviderConfig` that references the secret created above, and defines a static `endpoint` pointing to the LocalStack URL `http://host.docker.internal:4566`:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      name: localstack-aws-secret
+      namespace: default
+      key: creds
+  endpoint:
+    hostnameImmutable: true
+    # TODO: add more services to this list, as needed
+    services: [iam, s3, sqs, sts]
+    url:
+      type: Static
+      static: http://host.docker.internal:4566
+  skip_credentials_validation: true
+  skip_metadata_api_check: true
+  skip_requesting_account_id: true
+  s3_use_path_style: true
+EOF
+{{</command>}}
+
+{{< callout >}}
+The endpoint `http://host.docker.internal:4566` in the listing above assumes that you are running Kubernetes in the local Docker engine, and that LocalStack is up and running and available on default port `4566`.
+{{< /callout >}}
+
+{{< callout >}}
+The Crossplane AWS provider currently requires us to specify the list of `services` for which the local `endpoint` is used as the target URL.
+Please make sure to extend this list accordingly if you're working with additional LocalStack services.
+{{< /callout >}}
+
+### Deploying sample resources in LocalStack
+
+After the Crossplane AWS provider is properly installed and configured, we can proceed with creating some local resources.
+
+First, we create an S3 bucket named `crossplane-test-bucket`:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: s3.aws.upbound.io/v1beta1
+kind: Bucket
+metadata:
+  name: crossplane-test-bucket
+spec:
+  forProvider:
+    region: us-east-1
+EOF
+{{</command>}}
+
+If everything is wired up correctly, you should now see some activity in the LocalStack log outputs, where Crossplane starts deploying the S3 bucket against LocalStack.
+After some time, the bucket should be transitioning into `ready` state within Crossplane:
+{{<command>}}
+$ kubectl get buckets<disable-copy>
+NAME                     READY   SYNCED   EXTERNAL-NAME            AGE
+crossplane-test-bucket   True    True     crossplane-test-bucket   30s
+</disable-copy>
+{{</command>}}
+
+...
+and the bucket it should also be visible when querying the local S3 buckets in LocalStack via [`awslocal`](https://github.com/localstack/awscli-local):
+{{<command>}}
+$ awslocal s3 ls<disable-copy>
+2023-09-03 15:18:47 crossplane-test-bucket
+</disable-copy>
+{{</command>}}
+
+We can repeat the same exercise for creating a local SQS queue named `crossplane-test-queue`:
+{{<command>}}
+$ cat <<EOF | kubectl apply -f -
+apiVersion: sqs.aws.upbound.io/v1beta1
+kind: Queue
+metadata:
+  name: crossplane-test-queue
+spec:
+  forProvider:
+    name: crossplane-test-queue
+    region: us-east-1
+EOF
+{{</command>}}
+
+After some time, the queue should transition into `ready` state in Crossplane:
+{{<command>}}
+$ kubectl get queues<disable-copy>
+NAME                    READY   SYNCED   EXTERNAL-NAME                                                         AGE
+crossplane-test-queue   True    True     http://host.docker.internal:4566/000000000000/crossplane-test-queue   40s
+</disable-copy>
+{{</command>}}
+
+...
+and the queue should be visible when listing the SQS queues in LocalStack:
+{{<command>}}
+$ awslocal sqs list-queues<disable-copy>
+{
+    "QueueUrls": [
+        "http://localhost:4566/000000000000/crossplane-test-queue"
+    ]
+}
+</disable-copy>
+{{</command>}}
+
+### Summary
+
+The Crossplane AWS provider is a great way to manage AWS resources, and by leveraging the `endpoint` configuration of the provider, we can seamlessly run resource deployments against LocalStack.
+
+In this tutorial, we have provided an end-to-end walkthrough of how to provision two simple resources - an S3 bucket, and an SQS queue.
+Crossplane supports a vast range of additional AWS resource types, as well as advanced operations like updating, deleting, or composing resources.
+You can refer to the additional reading material to learn and explore more advanced features.
+
+## Further Reading
+
+* Kubernetes on Docker Desktop: https://docs.docker.com/desktop/kubernetes
+* Kubernetes getting started guide: https://kubernetes.io/docs/setup
+* EKS Kubernetes clusters on LocalStack: https://docs.localstack.cloud/user-guide/aws/elastic-kubernetes-service
+* Crossplane user docs: https://docs.crossplane.io
+* Crossplane AWS provider family: https://marketplace.upbound.io/providers/upbound/provider-family-aws
+* Crossplane AWS provider source code: https://github.com/upbound/provider-aws