Merged
Expand Up @@ -12,7 +12,7 @@ sidebar_label: Pre-install Checklist
- **Wildcards**: If wildcards are not allowed for the Guardrails TLS certificate, you must add at least two domains to the certificate: `gateway.cloudportal.company.com` and `{workspace_name}.cloudportal.company.com`. For environments that host more than one workspace, a domain will need to be added to the certificate for each workspace.
1. **HA/DR Config**: Decide on your HA/DR configuration. Guardrails can be installed in up to 3 availability zones across 3 regions for mission critical production applications or in a single region/az for dev/sandbox environments.
1. **Networking**: Decide on how you will configure your networking. Turbot Support recommends that you use the Turbot Guardrails Enterprise Foundation (TEF) product to create the VPC and necessary Security Groups for your initial deployment. After successful initial install of the environment you can then progressively harden the VPC to enterprise standards. If you choose to install Guardrails into a custom VPC, it must be set up BEFORE installation starts.
1. **Security Groups**: If using a custom VPC, the Guardrails Samples repo contains a [CloudFormation template](https://github.com/turbot/guardrails-samples/blob/master/installation/security_groups.yml) to create the three required security groups with the required ports. If a proxy is in use, the security group rule for the proxy port must be added to the `OutboundInternetSecurityGroup` resource.
1. **Security Groups**: If using a custom VPC, the Guardrails Samples repo contains a [CloudFormation template](https://github.com/turbot/guardrails-samples/blob/main/enterprise_installation/guardrails_security_groups.yml) to create the three required security groups with the required ports. If a proxy is in use, the security group rule for the proxy port must be added to the `OutboundInternetSecurityGroup` resource.
1. **Event Handling**: Plan out how events will get from the managed cloud accounts back to Guardrails for processing. Turbot Support recommends using an API Gateway when the Guardails console is only reachable from internal networks.
1. **DNS**: Guardrails can use Route53 or third party DNS resolution. Turbot Support recommends Route53 for ease of maintenance during upgrades. Private Route53 hosted zones may be used with proper inbound resolvers.
1. **Custom IAM Roles**: If the organization requires custom external roles not created by Guardrails, refer to the guide for creating [Custom Guardrails IAM Roles](/guardrails/docs/guides/hosting-guardrails/installation/pre-installation/external-role).
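Review bot: The replacement link in the Security Groups item still targets a branch path (`blob/main/enterprise_installation/guardrails_security_groups.yml`), so it can go stale again the way the old `blob/master/installation/security_groups.yml` path did once the file moved. Because this template is what creates the three required security groups and their ports, consider linking to a tag or commit permalink, or adding a link check to the docs build, so the checklist always resolves to a known version of the template. Separately, the unchanged Event Handling item directly below the changed line contains the typo "Guardails console", which could be corrected in the same change.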