Merge pull request #23 from defang-io/byoc

BYOC Updates

docs/concepts/ai.md

@@ -6,6 +6,7 @@ sidebar_position: 100
 
 # AI
 
+
 Defang includes an AI-driven assistant that translates natural language prompts to an outline for your project that you can then refine. The AI assistant is available through the [Defang CLI](./getting-started/installing.md).
 
 :::info
@@ -20,4 +21,20 @@ Here are some example prompts that the AI assistant can help you with:
 
 ```
 A basic service with 2 REST endpoints. The default endpoint will be for health check and should return a JSON object like this: { "status": "OK" }. The /echo endpoint will echo back all request parameters in the response.
-```
+```
+
+```
+A simple service that runs in the cloud and serves a web page
+```
+
+```
+A simple flask app with one route that responds with a json object
+```
+
+```
+A simple next.js app that serves a static page
+```
+
+```
+A simple api with a single route built on express
+```

docs/concepts/deployments.md

@@ -18,4 +18,12 @@ In [Defang BYOC](./defang-byoc.md), Defang will use your cloud provider account
 
 :::warning
 Workloads with GPUs do not support zero downtime deployments. If you have a workload with a GPU, you will experience downtime during updates.
+:::
+
+## Instance Types
+
+Defang defaults to "spot" instances. This is a cost-effective way to run your workloads, but it does mean that your workloads can be interrupted at any time. This is consistent with the [12 Factor](https://12factor.net/) principle of [disposability](https://12factor.net/disposability). 
+
+:::info
+In the future, we may provide a way to use "on-demand" instances for workloads that require more stability.
 :::

docs/concepts/security.md

@@ -1,6 +1,31 @@
 ---
 title: Security    
-description: Defang helps you safely configure your cloud environment and services.
+description: Defang configures your cloud applications and services with security best practices.
 sidebar_position: 600
 ---
 
+# Security
+
+Defang's philosophy is to operate on a principle of "least-privilege". This means that we only give your services the permissions they need to operate.
+
+Because Defang creates roles, you need to have the appropriate permissions to create roles in your cloud provider account, typically the `AdministratorAccess` policy in AWS.
+
+:::tip
+Best practice is to run the Defang CLI in a CI/CD environment and to restrict deployment permissions at that level.
+:::
+
+## Roles & Permissions
+
+Defang creates roles for your services to use, and attaches policies to those roles. This means that your services only have the permissions they need to operate, and nothing more.
+
+## Networking
+
+Defang configures Security Groups, deploys applictions to a private subnet and uses an Application Load Balancer to route traffic to your services from the public internet only when required. 
+
+## TLS
+
+Defang automates the process of obtaining and renewing TLS certificates for your services using AWS Certificate Manager.
+
+## Secrets
+
+Secrets are stored in AWS Systems Manager Parameter Store, and are encrypted using a key stored in AWS Key Management Service (KMS).

docs/providers/aws.md

@@ -42,4 +42,4 @@ To deploy your services, the Defang CLI packages your code and uploads it to an
 
 ### Runtime
 
-The provider runs your workloads using ECS using Fargate. It provisions a VPC with public and private subnets, and deploys your services to the private subnets. It then provisions an Application Load Balancer (ALB) and CloudFront to route traffic to your services.
+The provider runs your workloads using ECS using Fargate. It provisions a VPC with public and private subnets, and deploys your services to the private subnets. It then provisions an Application Load Balancer (ALB) and routes traffic to your services.