Merge pull request #546 from cado-security/ebentley/update-deploy-docs

Update deployment docs

docs/cado/deploy/aws/aws_quick_deployment.md

@@ -30,23 +30,23 @@ Before starting, make sure you have all the following:
      "Sid": "RequiredForCadoHostAndPreservation",
      "Effect": "Allow",
      "Action": [
-           "s3:PutObject",
-               "s3:GetObject",
-               "s3:RestoreObject",
-               "s3:PutObjectTagging",
-               "s3:GetObjectTagging"
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:RestoreObject",
+        "s3:PutObjectTagging",
+        "s3:GetObjectTagging"
      ],
      "Resource": "arn:aws:s3:::MY_CADO_BUCKET/*" // Replace MY_CADO_BUCKET with your bucket name and delete this comment
    },
    {
-       "Sid": "RequiredForCadoHostAndPreservation2",
-     "Effect": "Allow",
-     "Action": [
-           "s3:ListAllMyBuckets",
-               "s3:ListBucket",
-               "s3:GetBucketLocation"
-     ],
-     "Resource": "arn:aws:s3:::MY_CADO_BUCKET" // Replace MY_CADO_BUCKET with your bucket name and delete this comment
+      "Sid": "RequiredForCadoHostAndPreservation2",
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListAllMyBuckets",
+        "s3:ListBucket",
+        "s3:GetBucketLocation"
+      ],
+      "Resource": "arn:aws:s3:::MY_CADO_BUCKET" // Replace MY_CADO_BUCKET with your bucket name and delete this comment
    }
  ]
 }
@@ -64,7 +64,7 @@ Before starting, make sure you have all the following:
 
 - An SSH key pair in the region you are deploying in
 
-## Instructions
+### Instructions
 
 1. Visit the **Launch an instance** page in the AWS console
 
@@ -153,3 +153,23 @@ echo "bucket = MY_CADO_BUCKET" >> /home/admin/processor/first_run.cfg
 10. After launching it will take a few minutes for Cado to start.
 
 ![Success](/img/aws-success.png)
+
+## Optional Extensions
+
+#### Workers
+
+The initial deployment uses a single Compute instance, limiting imports to Cado Host captures and restricting simultaneous evidence processing to ensure stability. Additional EC2 instances are required to process more data or multiple evidence items concurrently.
+
+To enable **Workers** follow the workers document - [Enable Workers](https://docs.cadosecurity.com/cado/deploy/aws/aws-workers)
+
+#### Secret Manager
+
+The initial deployment stores the key used to encrypt secrets in Cado locally on the machine. Enabling a Secret Manager allows Cado to instead store the key in AWS Secrets Manager.
+
+To enable **Secret Manager** follow the secret manager document - [Enable Secret Manager](https://docs.cadosecurity.com/cado/deploy/aws/aws-secret-manager)
+
+#### NFS
+
+The initial deployment deployment deploys without a Network File Share (NFS). Enabling an NFS allows Cado to keep a copy of every file processed on disk. This enables the re-running of analysis and the downloading of the original file in the UI for further analysis.
+
+To enable **NFS** follow the NFS document - [Enable NFS](https://docs.cadosecurity.com/cado/deploy/aws/aws-nfs)

docs/cado/deploy/azure/azure-quickstart-deployment.md

@@ -12,7 +12,7 @@ The initial deployment offers a basic working environment; however, certain func
 
 ## Initial Deployment
 
-## Prerequisites
+### Prerequisites
 
 Before starting, make sure you have all the following:
 
@@ -38,9 +38,7 @@ You can add a role assignment to a managed identity by following these steps:
 
 ![Azure Role Assignment](/img/add-role-assignment.png)
 
-## Instructions
-
-### Deploying from the Cado Image
+### Instructions
 
 1. Open the “Community Images” service in Azure.Then, filter the images by the Cado public gallery name (CadoPlatform-1a38e0c7-afa4-4e0d-9c56-433a12cd67b1) to list all the Cado images available for deployment.
 
@@ -126,7 +124,7 @@ echo -n "<CLIENT_SECRET>" | sudo tee -a /home/admin/processor/envars/AZURE_CLIEN
 
 > The default password for the VM is the [Resource ID](https://docs.cadosecurity.com/cado/deploy/logging-in) of the virtual machine.
 
-## Optional Extentions
+## Optional Extensions
 
 #### Workers
 
@@ -144,6 +142,4 @@ To enable **Secret Manager** follow the secret manager document - [Enable Secret
 
 The initial deployment deployment deploys without a Network File Share (NFS). Enabling an NFS allows Cado to keep a copy of every file processed on disk. This enables the re-running of analysis and the downloading of the original file in the UI for further analysis.
 
-To enable **NFS** follow the NFS document - [Enable NFS](https://docs.cadosecurity.com/cado/deploy/azure/azure-nfs)
-
-
+To enable **NFS** follow the NFS document - [Enable NFS](https://docs.cadosecurity.com/cado/deploy/azure/azure-nfs)

docs/cado/deploy/gcp/gcp-quickstart-deployment-guide.md

@@ -10,51 +10,42 @@ This guide provides step-by-step instructions for deploying a Cado instance with
 
 The initial deployment offers a basic working environment; however, certain functionalities are not included. Refer to the ‘Extensions’ section for details on missing features and instructions on how to add them.
 
-### Prerequisites
-
-- Clone the repo https://github.com/cado-security/Deployment-Templates
-- Install terraform locally
-- Install and Auth with Gcloud CLI
-
 ## Initial Deployment
 
-**Clone and Enter the directory:**
-https://github.com/cado-security/Deployment-Templates/blob/main/minimum_deployments/gcp
+### Prerequisites
 
-**If not using Service account JSON:** 
-1. Install and Auth via GCP Cli: https://cloud.google.com/sdk/docs/install
-
-2. Auth with: `gcloud init`
+- Clone the repo https://github.com/cado-security/Deployment-Templates and change directory into `minimum_deployments/gcp`
+- Install terraform locally
+- Install and Auth with Gcloud CLI (`gcloud init`)
 
-Run `terraform init` inside the directory
+### Instructions
+1. Run `terraform init` inside `minimum_deployments/gcp`
+2. Run Terraform plan to confirm the resources that will be created:
 
-### Variables:
+**Required variables:**
 There are 3 required variables:  
 - **project_id** - This is the GCP project you want to deploy into  
 - **region** - (us-central1 / us-east1)  
 - **bucket** - The bucket CADO will use for evidence preservation. Needs to be in the same project  
 
-**Optional variables:**  
+**Optional variables:**
 - **credentials_file** - A Service account JSON. For if not using authentication via GCP Cli  
 - **gcp_image** - The Terraform will automatically select the latest image, however if you want to provide a specific version of CADO pass the global image link from the CADO updates [JSON](https://cado-public.s3.amazonaws.com/cado_updates_json_v2.json)
 - **source_ip** - The IP address you want to whitelist port 443 with CADO. This will automatically select your own IP if left empty  
 - **public_ip** - By default True. Set to False if you do not want a Public IP on the instance  
 
-**Network Variables:**  
+**Network variables:**  
 - **network_name** - VPC network name. Leave blank to use default  
 - **subnetwork_name** - Automatically determined unless specified  
 - **service_account_email** - To specify an already created service account email. Terraform will create one if left empty  
 
-### To confirm what will be deployed:
-
 > **Note:** Terraform is Case Sensitive. Confirm the project and other variables are in the correct case.
 
 `terraform plan -var bucket=YOUR_BUCKET -var project_id=YOUR_PROJECT_ID -var region=DEPLOY_REGION`  
 
-You should see “Plan: 7 to add, 0 to change, 0 to destroy.”
-
-### To deploy
+You should see `Plan: 7 to add, 0 to change, 0 to destroy.`
 
+3. Run Terraform apply to create the resources:
 `terraform apply -var bucket=YOUR_BUCKET -var project_id=YOUR_PROJECT_ID -var region=DEPLOY_REGION`
 
 ## Configure import sources
@@ -104,7 +95,7 @@ This [link](https://docs.cadosecurity.com/cado/deploy/cross/adding-gcp) will giv
 
 4. Verify that the account health check passes
 
-## Optional Extentions
+## Optional Extensions
 
 #### Workers