gruntwork-io · josh-padnick · Mar 5, 2021 · Mar 4, 2021 · Mar 4, 2021
@@ -1,28 +1,27 @@
 - title: Choose your architecture options
   description: |
-    <p>You fill out an online web form to customize your Reference Architecture:</p>
+    <p>Customize your architecture and complete a few setup steps:</p>
     <ul>
-      <li>Single Account or Multi-Account</li>
-      <li>Region</li>
-      <li>End-to-end encryption (as part of HIPAA, PCI, or other compliance programs)</li>
-      <li>Run services on Docker using Kubernetes or ECS, or directly on EC2 Instances using ASGs</li>
-      <li>PostgreSQL, MySQL, SQL Server, or other relational database</li>
+      <li>Create several AWS accounts (logs, security, shared, dev, stage, and prod)</li>
+      <li>Choose a region</li>
+      <li>Set up domains in DNS</li>
+      <li>Run services on Docker using EKS (Kubernetes) or ECS, or directly on EC2 Instances using ASGs</li>
+      <li>PostgreSQL, MySQL, SQL Server, Aurora, or other relational database</li>
       <li>Redis or Memcached</li>
-      <li>CircleCI, Travis CI, or Jenkins</li>
+      <li>CircleCI, GitLab, or Jenkins</li>
       <li>Bastion Host or OpenVPN</li>
       <li>Static content storage and serving</li>
       <li>Serverless functions</li>
       <li>DNS, TLS</li>
       <li>Monitoring, Alerting, Log Aggregation</li>
-      <li>Kafka, ZooKeeper, ELK, MongoDB, and many other options</li>
     </ul>
 
 - title: We build your architecture
   description: |
     <p>
-      We translate your preferences into infrastructure code written in Terraform, Bash, Python, and Go. We put the
-      code into your git repos and deploy it into your AWS or GCP account(s). For AWS, this takes about one day. For
-      GCP, <a href="/contact/">Contact Us!</a>.
+      We generate the architecture using Terragrunt, Terraform, Bash, Python and Go. We deploy the resources to your
+      AWS accounts. We validate the configuration, then we push the code to your git repository. For AWS, this
+      takes about one day.
     </p>
 
 - title: Learn how to use it

@@ -2,16 +2,16 @@
   description: Written in Terraform, Go, Python, and Bash. You get 100% of the code.
 
 - title: Production-ready
-  description: The architecture has been proven with 70+ Gruntwork customers.
+  description: The architecture has been proven with hundreds of Gruntwork customers.
 
 - title: Fast
-  description: Get a fully-working, best-practices tech stack in AWS in about one day!
+  description: We'll deploy a fully-working, best-practices tech stack in AWS in about one day!
 
 - title: Reliable
   description: Designed for high availability, scalability, and durability
 
 - title: Secure
-  description: "Network security, encryption, audit trail, server hardening, &amp; more"
+  description: "Account-level segmentation, centralized audit trail, network segmentation, encrypted by default, server hardening, &amp; more"
 
 - title: Documented
   description: Includes training videos and documentation
@@ -1,43 +1,39 @@
 infrastructure:
   - title: Account configuration
     description: |
-      Choose from a single or multi account/project setup where each account/project represents a distinct environment.
+      A best practices multi-account set up using <a href="/landing-zone-for-aws">Gruntwork Landing Zone for AWS</a>.
 
   - title: Network Topology
     description: |
-      For each environment, create a VPC with multiple subnet tiers, route tables, NAT Gateways, Network ACLs, etc.
+      For each environment, create a VPC with multiple subnet tiers, route tables, NAT Gateways, Network ACLs, Flow logs, etc.
 
   - title: Server cluster
     description: |
-      Choose from a Docker Cluster (backed by Amazon EC2 Container Service, Amazon EC2 Kubernetes Service, or Google Kubernetes Engine) or Auto Scaling Groups.
+      Choose from a Docker Cluster (backed by Amazon EC2 Container Service or  Amazon EC2 Kubernetes Service) or Auto Scaling Groups.
 
   - title: Load balancer
     description: |
-      Choose your load balancer for distributing traffic across your server cluster.
+      Public AWS Application Load Balancer for customer-facing services, and private ALBs for internal services.
 
   - title: Database
     description: |
-      Choose a supported relational database, such as MySQL, PostgreSQL, MariaDB, Oracle, or SQL Server.
+      Choose a supported RDS database, such as Aurora, MySQL, PostgreSQL, MariaDB, Oracle, or SQL Server.
 
   - title: Cache
     description: |
-      Choose a supported distributed cache, such as Redis or Memcached.
-
-  - title: Other data stores
-    description: |
-      We have support for Kafka, ZooKeeper, MongoDB, ELK (Elasticsearch, Logstash, Kibana), SQS, Kinesis, and more.
+      Choose a Redis or Memcached distributed Elasticache cache cluster.
 
   - title: Static content
     description: |
-      Deploy your images, CSS, and JS into an S3 or GCS bucket and configure a CDN in front of it.
+      Deploy your images, CSS, and JS into an S3 bucket and configure a CloudFront CDN in front of it.
 
   - title: Bastion host
     description: |
-      Choose from either a plain bastion host or an OpenVPN server as the sole entry point to your network.
+      Choose from either a plain Linux host or an OpenVPN server as a remote access network bastion.
 
   - title: CI server
     description: |
-      Choose from Jenkins, CircleCI, or TravisCI.
+      Choose from Jenkins, CircleCI, or GitLab.
 
   - title: Sample frontend app
     description: |
@@ -62,8 +58,12 @@ configuration:
 
   - title: Encryption
     description: |
-      Choose if you want to enable end-to-end encryption for all data at rest and in transit. Mandatory for compliance
-      use-cases (e.g., HIPAA, PCI, SOX, etc).
+      Encryption is enabled by default, including encrypted AMIs, EBS volumes, TLS certificates via AWS Certificate
+      Manager, and everywhere else.
+
+  - title: Infrastructure pipeline
+    description: |
+      Set up a workflow for infrastructure code using <a href="/pipelines">Gruntwork Pipelines</a>.
 
   - title: Automated build &amp; deployment (CI / CD)
     description: |
@@ -72,7 +72,7 @@ configuration:
 
   - title: Monitoring
     description: |
-      Configure metrics in CloudWatch or StackDriver.
+      Configure metrics in CloudWatch.
 
   - title: Alerting
     description: |
@@ -81,11 +81,11 @@ configuration:
 
   - title: Log aggregation
     description: |
-      Configure all servers to send logs to a central location for easier searching and filtering.
+      Centralize all server logs in CloudWatch Logs for easier searching and filtering.
 
   - title: DNS
     description: |
-      Configure your domain name(s).
+      Configure your domain name(s) using Amazon Route 53.
 
 security:
   - title: SSL/TLS
@@ -104,13 +104,21 @@ security:
 
   - title: Secrets management
     description: |
-      Use KMS to securely encrypt and decrypt application secrets, such as database passwords.
+      Use Secrets Manager to securely encrypt and decrypt application secrets, such as database passwords.
 
   - title: Account security
     description: |
-      Enable audit logging for all of your API calls. Create best practices IAM groups and policies for user and
+      Enable centralized audit logging for all of your API calls. Create best practices IAM groups and policies for user and
       permissions management.
 
+  - title: Threat detection
+    description: |
+      Use Amazon GuardDuty to monitor for malicious and unauthorized behavior in your environment.
+
+  - title: Resource configuration
+    description: |
+      Enable AWS Config with a best practices set of Config Rules to monitor for anomalous behavior.
+
 design:
   - title: High Availability
     description: |
@@ -121,16 +129,20 @@ design:
 
   - title: Scalability
     description: |
-      All aspects of the architecture support easy vertical and horizontal scalability: e.g., you can use auto scaling
-      policies to resize the server cluster in response to load; the load balancers will automatically scale up and down
-      in response to load; you can configure read replicas for your database and cache.
+      All aspects of the architecture support easy vertical and horizontal scalability: auto scaling policies
+      resize the server cluster in response to load; the load balancers will automatically scale up and down
+      in response to load; you can configure read replicas for your database and cache clusters.
 
   - title: Infrastructure as code
     description: |
       You get 100% of the source code for everything in the Reference Architecture. It is written using a variety of
-      tools, including Terraform, Packer, Docker, Go, Python, and Bash.
+      tools, including Terragrunt, Terraform, Packer, Docker, Go, Python, and Bash.
+
+  - title: Built for teams
+    description: |
+      With Gruntwork Pipelines, every change is centralized, peer-reviewed, and audited, all using code. Use the pipeline
+      for your infrastructure <i>and</i> application deployments!
 
   - title: Documentation
     description: |
       Comprehensive written and video documentation of everything included in the Reference Architecture.
-
@@ -4,58 +4,55 @@ <h2>A new standard for architecture</h2>
     <p>
       The Reference Architecture is an opinionated, battle-tested,
       best-practices way to assemble the code from the
-      <a href="/infrastructure-as-code-library/"
-        >Infrastructure as Code Library</a
-      >
+      <a href="/infrastructure-as-code-library/">Infrastructure as Code Library</a>
       into an end-to-end tech stack that includes just about everything you
       need: server cluster, load balancer, database, cache, network topology,
       monitoring, alerting, CI/CD, secrets management, VPN, and more (check out
       the <a href="/devops-checklist/">Production Readiness Checklist</a> to see
       what it takes to go to prod).
     </p>
     <p>
-      We customize the Reference Architecture to your needs, deploy into your
-      AWS or GCP accounts, and give you 100% of the code. The whole process
-      takes about one day for AWS! If you're interested in a Reference
-      Architecture for GCP, <a href="/contact">Contact Us</a>!
+      We generate the Reference Architecture based on your needs, deploy into your
+      AWS accounts, and give you 100% of the code. Since you have all the code, you
+      can extend, enhance, and customize the environment exactly according to your
+      needs. The deploy process takes about one day. <a href="/contact">Contact Us</a>
+      to set up a demo!
     </p>
     <p>
       We also offer a
-      <a href="https://www.cisecurity.org/benchmark/amazon_web_services/"
-        >CIS AWS Foundations Benchmark</a
-      >
+      <a href="https://www.cisecurity.org/benchmark/amazon_web_services/">CIS AWS Foundations Benchmark</a>
       compliant version of the Reference Architecture. See our
       <a href="/achieve-compliance">Compliance offering</a> to learn more.
     </p>
     <p
       class="alert"
       style="border: 1px solid #194c5f; background-color: #242e3b;"
     >
-      <strong>Get a Detailed Walkthrough of the Reference Architecture</strong
+      <strong>Get a Detailed Walkthrough of the Reference Architecture Account Structure</strong
       ><br />
-      See our blog post
+      See our guide
       <a
-        href="https://blog.gruntwork.io/how-to-build-an-end-to-end-production-grade-architecture-on-aws-part-1-eae8eeb41fec"
-        >How to Build an End to End Production-Grade Architecture on AWS</a
+        href="https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/"
+        >How to configure a production-grade AWS account structure using Gruntwork AWS Landing Zone</a
       >.
     </p>
     <div class="text-center ref-arch" style="margin-top: 30px">
       <a
-        href="/assets/img/ref-arch/ref-arch-full.png"
+        href="/assets/img/ref-arch/gruntwork-landing-zone-ref-arch.png"
         title="Click to see the full size image"
         target="_blank"
       >
         <img
-          src="/assets/img/ref-arch/ref-arch-full-medium.png"
+          src="/assets/img/ref-arch/gruntwork-landing-zone-ref-arch-med.png"
           alt="Gruntwork Reference Architecture"
         />
         <div class="ref-arch-overlay">
           <i class="fa fa-search fa-3x" aria-hidden="true"></i>
         </div>
       </a>
       <small class="text-muted"
-        >An example AWS Reference Architecture. GCP Reference Architecture also
-        available.</small
+        >An example AWS Reference Architecture. 
+        </small
       >
     </div>
     {% include_relative _how-it-works.html %}

@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Reference Architecture
-excerpt: An opinionated, end-to-end tech stack built on top of the Infrastructure as Code Library that we deploy into your AWS or GCP accounts in about one day.
+excerpt: An opinionated, end-to-end tech stack built on top of the Infrastructure as Code Library that we deploy into your AWS accounts in about one day.
 permalink: /reference-architecture/
 slug: reference-architecture
 footer_heading: Talk with our team of DevOps experts now!