Release v2.5.0 · cloudposse/docs

♻️ chore(deps): update internal to v3 (major) @cloudpossebot (#894)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/892

What

This pull request was created by the 🚀 Generate Examples workflow in the cloudposse/refarch-scaffold repository. This PR updates this documentation repo with the latest configuration for the Cloud Posse reference architecture.

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/892

Change event type for docs preview workflows @goruha (#898)

what

Change event type for docs preview workflows

why

Improve docs preview workflows

DEV-3798 Document the new ECS Strategy @goruha (#856)

what

Document the new ECS Strategy

why

Allow developers to follow the best practices

♻️ feat: foundation scaffold overhaul — new account-layer components, import support, ssosync, remove core-dns @cloudpossebot (#885)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/886

What

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/886

Feature: New Docs for account setup @Benbentwo (#896)

This pull request updates the AWS accounts deployment guide and related workflow examples to improve clarity, accuracy, and alignment with the current reference architecture. The changes modernize the step-by-step instructions, clarify the use of instanced components, and update workflow commands and file references to match the latest best practices.

Documentation and workflow improvements:

Updated the deployment guide table and step-by-step instructions to reflect the use of Atmos workflows for deploying the AWS Organization, Organizational Units, Service Control Policies, and account settings, replacing older manual or monolithic approaches. [1] [2] [3]
Clarified that each AWS account and organizational unit is managed as a separate instanced component, with shared defaults and outputs, and updated example commands to match this pattern.
Replaced manual Terraform import instructions for the AWS Organization with an automated workflow, and added verification steps to ensure the organization is adopted correctly.
Added a new step and workflow for deploying Service Control Policies (SCPs), including an additional policy to deny IAM user creation, and updated the corresponding workflow YAML. [1] [2] [3]
Updated references and workflow names for deploying account settings to match the new naming conventions (aws-account-settings). [1] [2]

docs: next-gen component migration guide @Benbentwo (#887)

what

Added new blog post explaining migration to next-gen components with Atmos Auth
Provides practical guidance on using Atmos mixins to update any component version
Includes side-by-side comparison of legacy vs. next-gen provider configurations
Contains step-by-step migration instructions and troubleshooting references

why

Documents the major improvements from Atmos Auth and account-map deprecation
Helps users understand the new authentication approach and how to upgrade components
Provides a clear migration path for both old and new component versions
Complements the existing account-map deprecation announcement with practical implementation guidance

references

Relates to account-map deprecation: https://docs.cloudposse.com/blog/deprecate-account-map/
Migration guide: /layers/project/tutorials/migrate-from-account-map/
Atmos Auth docs: https://atmos.tools/cli/auth

docs: Add detailed Google Workspace IdP setup guide @Benbentwo (#893)

what

Split the combined "GSuite and Other External IdPs" tab into two dedicated tabs for clearer guidance
Added comprehensive step-by-step setup instructions for Google Workspace SAML and SCIM provisioning
Included links to the official AWS documentation for Google Workspace IdP configuration
Reorganized "Other External IdPs" instructions with improved formatting and references to AWS supported IdPs

why

Google Workspace setup is sufficiently complex to warrant dedicated documentation with detailed steps
Users implementing Google Workspace integration needed better guidance, especially for SCIM provisioning
The generic instructions for other IdPs are now easier to find and reference
Linking to AWS documentation (gs-gwp steps 1 and 3) provides authoritative setup guidance

references

Closes ARCH-679
AWS docs: https://docs.aws.amazon.com/singlesignon/latest/userguide/gs-gwp.html
AWS Blog: https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/

blog: announce modular AWS account components @Benbentwo (#891)

what

Add blog post announcing the new modular AWS account components (V2)
Replaces monolithic account and account-settings with six focused components: aws-account, aws-organization, aws-organizational-unit, aws-scp, aws-account-settings, aws-budget
Documents the providers.tf vendoring caveat for legacy infrastructure adoption

why

Enables users to understand the benefits of the new modular component structure
Provides clear migration guidance for adopting modular components with existing account-map setups
Connects to broader Reference Architecture V2 changes and account-map deprecation

references

Related: Deprecating Account-Map blog post
Component repos: cloudposse-terraform-components
Accounts layer docs: Account Management

Clarify root user requirement for IAM billing access @Benbentwo (#892)

what

Added explicit warning that only AWS root users can activate IAM billing access
Included detailed sign-in instructions for root user authentication
Expanded steps with specific AWS Console UI actions (Edit, Activate, Update)
Clarified the purpose: allowing IAM users and SSO roles to view billing information

why

The previous documentation was too brief and didn't explain that IAM users and SSO permission sets cannot change this billing setting. Users were confused about why they couldn't enable billing access from their IAM user account.

references

Based on user feedback about insufficient documentation for enabling IAM user billing access.

♻️ chore(deps): update internal (major) @cloudpossebot (#868)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/851

What

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/851

♻️ Major: Merge Staging into main @cloudpossebot (#886)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/888

What

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/888

fix: update atmos auth commands in coldstart docs @Benbentwo (#883)

what

Updated atmos auth login to include -i core-root/terraform identity flag in the Prepare AWS Organization guide
Updated atmos auth exec command with the same identity flag
Ensures correct identity context during superadmin coldstart phase

why

These commands require explicit identity specification to authenticate properly as superadmin
Improves clarity and prevents authentication issues for users following the coldstart documentation

references

Updates step 3 and verification step in the "Configure Atmos Auth for SuperAdmin" section
Also updates the daily usage note for consistency

Fix step numbering on tfstate initialization docs @Benbentwo (#882)

what

Moved the wildcard IAM patterns details block inside Step 1 to fix step numbering
Steps now correctly display as 1, 2, 3 instead of 1, 3 (skipping 2)

why

The <details> block was placed between steps outside any <Step> component, causing <StepNumber/> to count it
This created a visual gap in step numbering that confused users

references

DEV-4017

♻️ feat: add sqs-queue example stack catalog @cloudpossebot (#881)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/864

What

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/864

♻️ fix: rename sns-topic example to use slash naming convention @cloudpossebot (#880)

[!IMPORTANT]
Do not merge this PR manually. It will be handled automatically by the cloudposse/refarch-scaffold repository.
Instead, please review the changes and merge https://github.com/cloudposse/refarch-scaffold/pull/861

What

Why

This documentation repo is used for reference purposes and should have the latest configuration.

References

Internal PR: https://github.com/cloudposse/refarch-scaffold/pull/861

Uh oh!

v2.5.0

What

Why

References

what

why

what

why

What

Why

References

what

why

references

what

why

references

what

why

references

what

why

references

What

Why

References

What

Why

References

what

why

references

what

why

references

What

Why

References

What

Why

References

Contributors

Uh oh!