port docs from pdf guide

Author: jaymccon

docs/images/image1.png

@@ -1,26 +1,26 @@
 // Do not change this first attribute. Do change the others.
 :quickstart-team-name: AWS Quick Start team
-:quickstart-project-name: quickstart-documentation-base
-:partner-product-name: Example Product Name
+:quickstart-project-name: quickstart-git2s3
+:partner-product-name: Git Webhooks
 // For the following attribute, if you have no short name, enter the same name as partner-product-name.
-:partner-product-short-name: Example Product Name
+:partner-product-short-name: Git Webhooks
 // If there's no partner, comment partner-company-name and partner-contributors.
-:partner-company-name: Example Company Name, Ltd.
-:doc-month: Month of launch or significant update (spelled out)
-:doc-year: Year
+// :partner-company-name: Example Company Name, Ltd.
+:doc-month: October
+:doc-year: 2020
 // For the following two "contributor" attributes, if the partner agrees to include names in the byline, 
 // enter names for both partner-contributors and quickstart-contributors. 
 // Otherwise, delete all placeholder names: everything preceding "{partner-company-name}"  
 // and "{quickstart-team-name}". Use commas as shown in the placeholder text. 
 // Use the comma before "and" only when three or more names.
-:partner-contributors: Shuai Ye, Michael McConnell, and John Smith, {partner-company-name}
-:quickstart-contributors: Toni Jones, {quickstart-team-name}
+// :partner-contributors: Shuai Ye, Michael McConnell, and John Smith, {partner-company-name}
+:quickstart-contributors: Kirankumar Chandrashekar and Jay McConnell, Amazon Web Services
 // For deployment_time, use minutes if deployment takes an hour or less, 
 // for example, 30 minutes or 60 minutes. 
 // Use hours for deployment times greater than 60 minutes (rounded to a quarter hour),
 // for example, 1.25 hours, 2 hours, 2.5 hours.
-:deployment_time: 15 minutes / 60 minutes / 1.5 hours
-:default_deployment_region: us-east-1
+:deployment_time: 15 minutes
+:default_deployment_region: us-east-2
 // Uncomment the following two attributes if you are using an AWS Marketplace listing.
 // Additional content will be generated automatically based on these attributes.
 // :marketplace_subscription:

docs/images/image2.png

@@ -1,23 +1,47 @@
-// Add steps as necessary for accessing the software, post-configuration, and testing. Don’t include full usage instructions for your software, but add links to your product documentation for that information.
-//Should any sections not be applicable, remove them
+==== Adding an API Secret After Deployment
+
+In some cases, your Git service may provide security mechanisms like API secrets when you create the webhook. In these cases, you can launch the Quick Start with a blank parameter value for the *API Secret* parameter, and then update the stack to provide the value of the parameter. Follow these steps:
+
+. In the https://console.aws.amazon.com/cloudformation[AWS Cloudformation console], select the stack.
+
+[arabic, start=2]
+. Choose *Actions*, and then choose *Update Stack*.
+. Keep the default to use the current template.
+. On the *Specify Details* page, change the *API Secret* parameter setting.
+. Choose *Next* twice.
+
+[arabic, start=10]
+. Under *Capabilities*, select the check box to acknowledge that the template will create IAM resources, and then choose *Update*.
+
+When the status is *UPDATE_COMPLETE*, the stack has been updated with the webhook secret you specified for security.
 
 == Test the deployment
-// If steps are required to test the deployment, add them here. If not, remove the heading
 
-== Post deployment steps
-// If Post-deployment steps are required, add them here. If not, remove the heading
+Before putting the webhook into production, you should test your deployment.
+
+. Modify a file in your repository.
+
+image:../images/image6.png[../Desktop/Screen_Shot_2017-07-15_at_11_35_57_AM.png,width=529,height=21]
+
+. Commit and push the changes.
+
+image:../images/image7.png[Figure 4,width=648,height=198]
+
+[start=2]
+. Wait a few minutes and check your S3 bucket for a new (or updated) object with a key that matches your repository path.
+
+image:../images/image8.png[Figure 5,width=646,height=348]
+
+*Figure 5: Checking for S3 bucket updates after a commit*
 
-== Best practices for using {partner-product-short-name} on AWS
-// Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. Link to software documentation for detailed information.
+=== Best Practices
 
-_Add any best practices for using the software._
+The architecture built by this Quick Start supports AWS best practices for security.
 
-== Security
-// Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. Link to software documentation for detailed information.
+==== SSH Keys
 
-_Add any security-related information._
+SSH keys are generated at stack creation, and are then encrypted using AWS KMS and the encrypted copy stored in Amazon S3. When you use the Git pull endpoint, the private key is fetched by the Lambda function, decrypted, and used to authenticate against your Git service to perform a clone of the repository. We don’t recommend (a) reusing SSH keys for multiple services, or (b) launching another instance of this Quick Start for each repository that you wish to clone to Amazon S3; this ensures that each repository uses unique keys.
 
-== Other useful information
-//Provide any other information of interest to users, especially focusing on areas where AWS or cloud usage differs from on-premises usage.
+==== Webhook Security
 
-_Add any other details that will help the customer use the software on AWS._
+Different Git services provide varying ways to authenticate against an endpoint. The Git pull endpoint supports webhook secrets (used by GitHub Enterprise, GitLab, and other Git repository managers) as well as source IP address whitelisting. The zip download endpoint supports personal access tokens (as used by GitHub Enterprise and GitLab) and OAuth2 (used by Bitbucket). We recommend that you set up at least one of these security mechanisms to protect your webhook API endpoint. For more information about how this Quick Start utilizes these mechanisms, see the parameters in the link:#deployment-steps[Deployment Steps] section of this guide. For product-specific guidance on how to configure these security mechanisms, refer to your Git product’s documentation.