From 6958767d9b739b3909c1e61d6a8f611f1da7a01b Mon Sep 17 00:00:00 2001
From: Raphael Titsworth-Morin <raphael@raphaeltm.com>
Date: Thu, 8 Feb 2024 16:38:10 -0800
Subject: [PATCH 1/3] add instance type docs

---
 docs/concepts/deployments.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/concepts/deployments.md b/docs/concepts/deployments.md
index 02a1e8a4d..89ca2c633 100644
--- a/docs/concepts/deployments.md
+++ b/docs/concepts/deployments.md
@@ -18,4 +18,12 @@ In [Defang BYOC](./defang-byoc.md), Defang will use your cloud provider account
 
 :::warning
 Workloads with GPUs do not support zero downtime deployments. If you have a workload with a GPU, you will experience downtime during updates.
+:::
+
+## Instance Types
+
+Defang defaults to "spot" instances. This is a cost-effective way to run your workloads, but it does mean that your workloads can be interrupted at any time. This is consistent with the [12 Factor](https://12factor.net/) principle of [disposability](https://12factor.net/disposability). 
+
+:::info
+In the future, we may provide a way to use "on-demand" instances for workloads that require more stability.
 :::
\ No newline at end of file

From ec5674a58641224a9aee458760d4eea22934e68f Mon Sep 17 00:00:00 2001
From: Raphael Titsworth-Morin <raphael@raphaeltm.com>
Date: Thu, 8 Feb 2024 17:01:33 -0800
Subject: [PATCH 2/3] Update security description and provider runtime
 description

---
 docs/concepts/security.md | 27 ++++++++++++++++++++++++++-
 docs/providers/aws.md     |  2 +-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/docs/concepts/security.md b/docs/concepts/security.md
index dfcc73fab..9dd4fc0f4 100644
--- a/docs/concepts/security.md
+++ b/docs/concepts/security.md
@@ -1,6 +1,31 @@
 ---
 title: Security    
-description: Defang helps you safely configure your cloud environment and services.
+description: Defang configures your cloud applications and services with security best practices.
 sidebar_position: 600
 ---
 
+# Security
+
+Defang's philosophy is to operate on a principle of "least-privilege". This means that we only give your services the permissions they need to operate.
+
+Because Defang creates roles, you need to have the appropriate permissions to create roles in your cloud provider account, typically the `AdministratorAccess` policy in AWS.
+
+:::tip
+Best practice is to run the Defang CLI in a CI/CD environment and to restrict deployment permissions at that level.
+:::
+
+## Roles & Permissions
+
+Defang creates roles for your services to use, and attaches policies to those roles. This means that your services only have the permissions they need to operate, and nothing more.
+
+## Networking
+
+Defang configures Security Groups, deploys applictions to a private subnet and uses an Application Load Balancer to route traffic to your services from the public internet only when required. 
+
+## TLS
+
+Defang automates the process of obtaining and renewing TLS certificates for your services using AWS Certificate Manager.
+
+## Secrets
+
+Secrets are stored in AWS Systems Manager Parameter Store, and are encrypted using a key stored in AWS Key Management Service (KMS).
\ No newline at end of file
diff --git a/docs/providers/aws.md b/docs/providers/aws.md
index 89a75b673..f13424dc0 100644
--- a/docs/providers/aws.md
+++ b/docs/providers/aws.md
@@ -42,4 +42,4 @@ To deploy your services, the Defang CLI packages your code and uploads it to an
 
 ### Runtime
 
-The provider runs your workloads using ECS using Fargate. It provisions a VPC with public and private subnets, and deploys your services to the private subnets. It then provisions an Application Load Balancer (ALB) and CloudFront to route traffic to your services.
+The provider runs your workloads using ECS using Fargate. It provisions a VPC with public and private subnets, and deploys your services to the private subnets. It then provisions an Application Load Balancer (ALB) and routes traffic to your services.

From 78ba0636cd43f66c5a417e3f2c64b821d30ace63 Mon Sep 17 00:00:00 2001
From: Raphael Titsworth-Morin <raphael@raphaeltm.com>
Date: Thu, 8 Feb 2024 17:42:08 -0800
Subject: [PATCH 3/3] Add AI assistant examples

---
 docs/concepts/ai.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/docs/concepts/ai.md b/docs/concepts/ai.md
index 346559aa0..06b7b335e 100644
--- a/docs/concepts/ai.md
+++ b/docs/concepts/ai.md
@@ -6,6 +6,7 @@ sidebar_position: 100
 
 # AI
 
+
 Defang includes an AI-driven assistant that translates natural language prompts to an outline for your project that you can then refine. The AI assistant is available through the [Defang CLI](./getting-started/installing.md).
 
 :::info
@@ -20,4 +21,20 @@ Here are some example prompts that the AI assistant can help you with:
 
 ```
 A basic service with 2 REST endpoints. The default endpoint will be for health check and should return a JSON object like this: { "status": "OK" }. The /echo endpoint will echo back all request parameters in the response.
-```
\ No newline at end of file
+```
+
+```
+A simple service that runs in the cloud and serves a web page
+```
+
+```
+A simple flask app with one route that responds with a json object
+```
+
+```
+A simple next.js app that serves a static page
+```
+
+```
+A simple api with a single route built on express
+```