Merge pull request #442 from oracle-devrel/LZF.2023-09.01

updates regarding the new cis lz enhanced modules

Author: cosmindev

landing-zones/README.md

@@ -14,6 +14,7 @@ The LZF was created by the EMEA Landing Zone Specialists, collaborating with wor
 |---|---|
 | <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.png" alt= “” width="500" height=""></a>  | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the recommended approach for initial landing zone deployments covering the most-common workload scenarios.  | 
 | <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.png" alt= “” width="500" height=""> </a>  | An approach to solve **specific requirements** when the standard is not enough. These LZs run with **configuration-as-code** and are used to scale/bridge with existing **operating models**, complying with fine-grained **segregations of duties**, strong **network isolation**, and heterogeneous **workloads**.  |  
+
 &nbsp; 
 
 If you're **starting with OCI landing zones**:
@@ -24,7 +25,7 @@ If you're **starting with OCI landing zones**:
 
 The following **assets** are also available to improve the OCI landing experience:
 - [Executive Overview of the Available Approaches](/landing-zones/commons/EMEA_LandingZonesSpecialists_ExecOverview.pdf)
-- [How a Tailored OCI Landing Zone Looks Like](https://github.com/oracle-quickstart/terraform-oci-open-lz)
+- [How a Tailored OCI Landing Zone Looks Like (The OCI Open LZ)](https://github.com/oracle-quickstart/terraform-oci-open-lz)
 - [Resource Naming Conventions](/landing-zones/commons/resource_naming_conventions.md)
 - [User Identity Management](/landing-zones/commons/user_identity_management.md)
 - [Budgets and Tagging](/landing-zones/commons/budgets_and_tagging.md)

landing-zones/commons/EMEA_LandingZonesSpecialists_ExecOverview.pdf

@@ -26,13 +26,13 @@ Some characteristics of an SLZ:
 There are **two solutions** OCI Standard Landing Zones:
 
 
-* **[CIS LANDING ZONE (CIS LZ)](https://docs.oracle.com/en/solutions/cis-oci-benchmark/index.html)**:  This solution provides a Terraform-based landing zone template that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark. This LZ brings in the ability to provision multiple VCNs, either in standalone mode or as constituent parts of a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. 
+* **[CIS LANDING ZONE (CIS LZ)](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md)**:  This solution provides a Terraform-based landing zone template that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark. This LZ brings in the ability to provision multiple VCNs, either in standalone mode or as constituent parts of a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. 
   * The current version is v2.x.
   * The **version 3** is coming and a highly configurable set of terraform modules are already available to configure with json/hcl any landing zone structure. For more details refer to the [Tailored Landing Zones](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach. 
 
 
   
-* **[ORACLE ENTERPRISE LANDING ZONE (OELZ)](https://blogs.oracle.com/cloudsecurity/post/enterprise-scale-baseline-landing-zone-version2)**: This is the new version of the enterprise version of the Cloud Adoption Framework (CAF) landing zone. This solution provides a scalable architecture and deployment that includes designs for governance, security segmentation, and separation of duties. It's possible to deploy multiple workloads with separate networks for isolation and access.
+* **[ORACLE ENTERPRISE LANDING ZONE (OELZ)](/landing-zones/standard_landing_zones/oelz_v2/oelz_v2.md)**: This is the new version of the enterprise version of the Cloud Adoption Framework (CAF) landing zone. This solution provides a scalable architecture and deployment that includes designs for governance, security segmentation, and separation of duties. It's possible to deploy multiple workloads with separate networks for isolation and access.
   * The current version is v2.x.
 
 
@@ -74,7 +74,7 @@ If after reviewing the table above the solution is not clear:
 |:---:|---|
 | 1 | Review the previous section | 
 | 2 | Review the [**landing zone landscape**](/landing-zones/commons/select_your_solution.pdf) for complementary **considerations for using** and **before using**.  |
-|3 | Select the solution:<br>- For the **CIS LZ [start here](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md)**. <br>- For the **OELZ [start here](/landing-zones/standard_landing_zones/oelz_v2/oelz_v2.md)**.
+|3 | Select the solution:<br>a. For the **CIS LZ [start here](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md)**. <br>b. For the **OELZ [start here](/landing-zones/standard_landing_zones/oelz_v2/oelz_v2.md)**.
 | 4 | If it's required a **custom design extending the standard landing zone**, there are three alternatives: <br>**a. OCI Console**: Update the resources after deploying the solution. The impact of this is operating the OCI landing zone with the OCI console, i.e., manually.<br>**b. Extended IaC**: Update the code to fit the needs and deploy the solution. The impact of this might be the effort and skills required. <br>**c. Tailored with IaC**: If it's required more design flexibility or the extensions break the standard solution and require structural changes, use the [tailored landing zone](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach.
 
 

landing-zones/commons/select_your_solution.pdf

@@ -37,16 +37,16 @@ There are **two assets** for creating OCI tailored landing zones, one for **desi
 
   
 
-### 2.1 Design - with a Blueprint
+### **2.1 Design** - with a Blueprint
 To tailor a landing zone we recommend using the **[OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz)**, which is a **reference solution** and a **repeatable design process**. It presents an end-to-end coherent solution - with the security, network, and operations views - of what an organization-wide landing zone looks like, with fine-grained segregation of duties, strong isolation of resources, and a scaleable operating model.
 
 The **benefit** of this blueprint is that it can be completely **adjusted and easily simplified** into any other type of landing zone, by following the design steps towards your needs.  Using this reference blueprint will help **create a day-two operational model ready to scale** - using the IaC solution presented in the next section.
 
 
   
 
-### 2.2 Run - with Configuration and Infrastructure as Code 
-For this type of approach **we recommend** the use of the **CIS LZ v3 Terraform modules**, to **configure** the resources with *json/hcl* terraform native interfaces. 
+### **2.2 Run** - with Configuration and Infrastructure as Code 
+For this type of approach **we recommend** the use of the **[CIS Landing Zone Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules)**, to **configure** the resources with *json/hcl* terraform native interfaces. 
 
 The **benefits** of using this approach are: 
 - **Focus on Value**: Focus on configuring the design and resources, instead of coding them. This means shorter time-to-value, lower effort, and lower risk.
@@ -55,17 +55,17 @@ The **benefits** of using this approach are:
 
   
 
-The CIS LZ v3 Terraform modules are distributed into five repositories, as described in the table below. 
+These **terraform modules** are presented [**here**](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules) and are distributed into five repositories, as described in the table below. 
 
   
 
 | MODULES  |  OCI RESOURCES COVERED | DESIGN VIEW MATCH |  USE|
 |---|---|---|---|
-| [IAM](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) | Compartments, Groups, Policies, Dynamic Groups | Security View (Tenancy Structure, IAM) | Mandatory |
-| [Network](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking) | VCNs, Subnets, DGR, Gateways, Load Balancers, etc. | Network View | Mandatory |
-| [Security](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security) | Cloud guard, Security Zones, Vaults, VSS | Security View (Posture) | Optional |
-| [Observability](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability) | Alarms, Events, Notifications, Service Connectors, Streams | Operations View | Optional |
-| [Governance](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-governance) | Tags | Operations View | Optional |
+| [**IAM**](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) | Compartments, Groups, Policies, Dynamic Groups | Security View (Tenancy Structure, IAM) | Mandatory |
+| [**Network**](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking) | VCNs, Subnets, DGR, Gateways, Load Balancers, etc. | Network View | Mandatory |
+| [**Security**](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security) | Cloud guard, Security Zones, Vaults, VSS | Security View (Posture) | Optional |
+| [**Observability**](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability) | Alarms, Events, Notifications, Service Connectors, Streams | Operations View | Optional |
+| [**Governance**](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-governance) | Tags | Operations View | Optional |
 
   
 
@@ -85,6 +85,8 @@ The CIS LZ v3 Terraform modules are distributed into five repositories, as descr
 | 4 | **Design the Security View first**, with a focus on the tenancy structure and IAM, as all resources and access to them will be defined here. | [OCI Open LZ Security View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [OCI Open LZ Draw.io](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.drawio)
 | 5 | **Design the Network View**, with a focus on the network structure, connectivity, and isolation. | [OCI Open LZ Network View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [OCI Open LZ Draw.io](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.drawio)
 | 6 | If applicable, **design the Operations View**, and set up the cloud operating model. It can contain also monitoring and integrations with IT Systems. | [OCI Open LZ Operations View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf) 
+| 7 | Create the **IaC configurations** for your design using the CIS Landing Zone Enhanced Modules.| [OCI Open LZ Rumtime View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [CIS Landing Zone Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules)
+
 
 &nbsp; 
 
@@ -95,14 +97,14 @@ The CIS LZ v3 Terraform modules are distributed into five repositories, as descr
 
 ## 4. Other Considerations
 
-Note that the **alternative** for not using the configurable approach described in section 2.2 is to **code your own solution**, from zero or reuse existing modules. The CIS v3 modules allow any configuration topology and allow to focus on business resources (workloads) instead of investing time coding to create OCI core resources. By using the recommended approach it's possible to avoid the **common pitfalls** associated with complex customizations:
+Note that the **alternative** for not using the configurable approach described in section 2.2 is to **code your own solution**, from zero or reuse existing modules. The CIS Landing Zone Enhanced Modules allow any configuration topology and allow to focus on business resources (workloads) instead of investing time coding to create OCI core resources. By using the recommended approach it's possible to avoid the **common pitfalls** associated with complex customizations:
 - **Hard-coding**. Changing or adapting code to create a new landing zone different than the original is complex and time-consuming. This also means that any change to the landing zone will be executed by code and not configurations.
 - **Waste & Late Time-to-Value**. The time spent on adapting code, or re-coding over and over for the OCI landing/core resources is time wasted and not used on the business value/workloads.
 - **Limited Scaling**. Doing OCI changes manually can work for some tactical solutions, but it will always limit the scaling and add complexity and cost to the day-two operations. Note that, for example, CIS LZ creates 100+ OCI resources.
 - **Scarce Skills**. IaC Terraform coding skills are not as common as we should expect, which makes these efforts a higher risk and challenge to solve. 
 
 
-For a comparison between **standard landing zone** solutions and the proposed solution for **tailored landing zones** please review the [OCI landing zone solution landcscape](/commons/select_your_solution.pdf).
+For a comparison between **standard landing zone** solutions and the proposed solution for **tailored landing zones** please review the [OCI landing zone solution landcscape](/landing-zones/commons/select_your_solution.pdf).
 
 &nbsp;