docs: add more docs on foundations, resources, support and more

Author: jyecusch

docs/.vale/styles/config/vocabularies/Suga/accept.txt

@@ -284,4 +284,23 @@ nav
 prev
 next
 toc
-uv
+uv
+Monorepo
+monorepo
+Minio
+Prisma
+SQLAlchemy
+datasource
+sqlalchemy
+ORMs
+api
+debugpy
+dlv
+pgx
+sqlx
+pgxpool
+playsInline
+Reusability
+Pulumi
+SREs
+DevOps

docs/deploy/aws.mdx

@@ -0,0 +1,41 @@
+---
+title: "AWS Deployment"
+description: "Deploy Suga applications to Amazon Web Services"
+---
+
+Deploy Suga applications to AWS using Lambda, Fargate, S3, and CloudFront.
+
+## Prerequisites
+
+- AWS account
+- AWS CLI configured
+- Terraform installed
+
+## Quick Start
+
+```bash
+# Build your application
+suga build
+
+# Navigate to generated stack
+cd terraform/stacks/my-app
+```
+
+Create provider configuration:
+
+```hcl title="provider.tf"
+provider "aws" {
+  region = "us-west-2"
+}
+```
+
+Deploy:
+
+```bash
+terraform init
+terraform apply
+```
+
+<Card title="Complete Deployment Guide" icon="rocket" href="/foundations/deployment" horizontal>
+  See the full deployment workflow
+</Card>

docs/deploy/azure.mdx

@@ -0,0 +1,14 @@
+---
+title: "Azure Deployment"
+description: "Deploy Suga applications to Microsoft Azure"
+---
+
+Azure support is coming soon.
+
+<Note>
+  Azure platform development is in progress. Check back soon for updates.
+</Note>
+
+## Interested in Azure Support?
+
+Contact [support@addsuga.com](mailto:support@addsuga.com) to express interest or get notified when Azure support is available.

docs/deploy/environment-management.mdx

@@ -0,0 +1,35 @@
+---
+title: "Environment Management"
+description: "Managing multiple deployment environments (dev, staging, production)"
+---
+
+Manage multiple environments using Terraform workspaces and variable files.
+
+## Using Workspaces
+
+```bash
+# Create workspaces
+terraform workspace new dev
+terraform workspace new staging
+terraform workspace new prod
+
+# Deploy to dev
+terraform workspace select dev
+terraform apply -var-file=environments/dev.tfvars
+
+# Deploy to prod
+terraform workspace select prod
+terraform apply -var-file=environments/prod.tfvars
+```
+
+## Environment-Specific Configuration
+
+```hcl title="environments/dev.tfvars"
+services_api_memory = 512
+services_api_timeout = 10
+```
+
+```hcl title="environments/prod.tfvars"
+services_api_memory = 2048
+services_api_timeout = 30
+```

docs/deploy/gcp.mdx

@@ -0,0 +1,40 @@
+---
+title: "GCP Deployment"
+description: "Deploy Suga applications to Google Cloud Platform"
+---
+
+Deploy Suga applications to GCP using Cloud Run, Cloud Storage, and Cloud CDN.
+
+## Prerequisites
+
+- Google Cloud account
+- gcloud CLI configured
+- Terraform installed
+
+## Quick Start
+
+```bash
+# Build your application
+suga build
+
+# Navigate to generated stack
+cd terraform/stacks/my-app
+```
+
+Configure required variables:
+
+```hcl title="terraform.tfvars"
+project_id = "my-gcp-project"
+region = "us-central1"
+```
+
+Deploy:
+
+```bash
+terraform init
+terraform apply
+```
+
+<Card title="Complete Deployment Guide" icon="rocket" href="/foundations/deployment" horizontal>
+  See the full deployment workflow
+</Card>

docs/deploy/overview.mdx

@@ -0,0 +1,30 @@
+---
+title: "Deployment Overview"
+description: "Overview of deploying Suga applications to cloud providers"
+---
+
+Deploying with Suga means running standard Terraform commands on infrastructure generated by `suga build`.
+
+<Card title="Complete Deployment Guide" icon="rocket" href="/foundations/deployment" horizontal>
+  See the comprehensive deployment guide in Foundations
+</Card>
+
+## Quick Links
+
+<CardGroup cols={2}>
+  <Card title="AWS Deployment" icon="aws" href="/deploy/aws">
+    Deploy to Amazon Web Services
+  </Card>
+
+  <Card title="GCP Deployment" icon="google" href="/deploy/gcp">
+    Deploy to Google Cloud Platform
+  </Card>
+
+  <Card title="Azure Deployment" icon="microsoft" href="/deploy/azure">
+    Deploy to Microsoft Azure
+  </Card>
+
+  <Card title="Terraform Configuration" icon="code" href="/deploy/terraform-configuration">
+    Configure Terraform backends and state
+  </Card>
+</CardGroup>

docs/deploy/terraform-configuration.mdx

@@ -0,0 +1,22 @@
+---
+title: "Terraform Configuration"
+description: "Configure Terraform backends, state management, and variables"
+---
+
+## Remote State Backends
+
+<Card title="Terraform Backend Configuration" icon="database" href="/guides/terraform-backend-config" horizontal>
+  See the complete backend configuration guide
+</Card>
+
+## Workspaces for Multiple Environments
+
+```bash
+terraform workspace new dev
+terraform workspace new staging
+terraform workspace new prod
+```
+
+<Card title="Environment Management" icon="layers" href="/deploy/environment-management" horizontal>
+  Learn about managing multiple environments
+</Card>

docs/develop/access-control.mdx

@@ -0,0 +1,117 @@
+---
+title: "Access Control"
+description: "Managing permissions and security in Suga applications"
+---
+
+Suga's access control model defines which services can access which resources, automatically generating appropriate IAM policies or service account permissions.
+
+![temp](/images/develop/access-control/service-to-bucket-access-control.png)
+
+## How Access Control Works
+
+Access is granted through the `access` property on resources, which can be modified in your project's `suga.yaml` or through the visual editor with the `suga edit` CLI command.
+
+```yaml
+buckets:
+  uploads:
+    access:
+      api: [read, write]      # API service can read and write
+      worker: [read, delete]  # Worker can read and delete
+
+databases:
+  main:
+    access:
+      api: [query]            # API can query database
+```
+
+When you deploy, Suga generates:
+- **IAM policies** (AWS) with least-privilege permissions
+- **Service account bindings** (GCP) with appropriate roles
+- **Network security rules** allowing service-to-resource communication
+
+## Permission Types
+
+### Bucket Permissions
+
+- `read` - Download/read objects
+- `write` - Upload/write objects
+- `delete` - Delete objects
+- `all` - Shorthand for read, write, delete
+
+```yaml
+buckets:
+  data:
+    access:
+      uploader: [write]
+      processor: [read, delete]
+      api: [read]
+```
+
+### Database Permissions
+
+- `query` - Full SQL access (SELECT, INSERT, UPDATE, DELETE)
+
+```yaml
+databases:
+  main:
+    access:
+      api: [query]
+      analytics: [query]
+```
+
+## Least Privilege
+
+Suga encourages and follows the principle of least privilege:
+- By default, services cannot access other resources
+- Services only get permissions they need
+- No wildcards or overly broad policies
+- Separate identities per service
+
+When using the standard Suga AWS Platforms (`suga/aws`), here is an example of the kind of IAM policy that will be generated:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+        "s3:PutObject"
+      ],
+      "Resource": "arn:aws:s3:::my-app-uploads/*"
+    }
+  ]
+}
+```
+
+<Note>
+  If you use your own Suga [resource plugins](/foundations/plugins), you're free to construct the IAM, roles, etc. as you see fit.
+</Note>
+
+## Best Practices
+
+1. **Grant minimum permissions** - Only what each service needs
+2. **Separate services** - Different services for different roles
+3. **Review access patterns** - Regularly audit who accesses what
+4. **Use read-only when possible** - Many services only need read access
+
+## Learn More
+
+<CardGroup cols={2}>
+  <Card title="Services" icon="server" href="/develop/services">
+    Service configuration
+  </Card>
+
+  <Card title="Buckets" icon="box" href="/develop/buckets">
+    Bucket permissions
+  </Card>
+
+  <Card title="Databases" icon="database" href="/develop/databases">
+    Database access
+  </Card>
+
+  <Card title="AWS Deployment" icon="aws" href="/deploy/aws">
+    AWS IAM details
+  </Card>
+</CardGroup>