Edits, to fix links, and apply other copy review comments (#36)

JuliaMongo · web-flow · commit 9b83a0625fc3 · 2024-11-14T11:45:30.000-05:00
* Edits, to fix links, and apply other copy review comments that I made earlier

* Trying to fix one link

* Edits

* Edit, per copy review
diff --git a/source/network-security.txt b/source/network-security.txt
@@ -6,40 +6,46 @@ Network Security
 
 .. default-domain:: mongodb
 
+.. facet::
+   :name: genre
+   :values: reference
+
+.. meta::
+   :keywords: atlas architecture center
+   :description: Learn about the network security configurations that Atlas supports.
+
 .. contents:: On this page
    :local:
    :backlinks: none
    :depth: 1
    :class: onecol
 
-{+service+} provides secure defaults for your database deployments
-such as:
+{+service+} provides secure network configuration defaults for your
+database deployments, such as:
 
 - Mandatory |tls-ssl| connection encryption
 - {+vpc+}\s for all projects with one-or-more {+Dedicated-clusters+}
-- Access-list-based authentication which only accepts connections from
-  sources you explicitly declare
+- Authentication that uses {+ip-access-list+}s and only accepts connections
+  from sources you explicitly declare
 
-You can further configure these protections to meet your unique
-security needs and preferences.
+You can further configure these protections to meet your unique security
+needs and preferences.
 
-Use the basic guidance on this page to plan the network security
-configuration for your {+clusters+}.
+Use the recommendations on this page to plan for the network security
+configuration of your {+clusters+}.
 
 {+service+} Features for Network Security
 -----------------------------------------
 
 {+service+} enforces |tls-ssl| encryption for all connections to your
 databases.
 
-All {+service+} projects with one or more M10+ dedicated {+clusters+}
-receive their own dedicated |vpc| on {+aws+} or {+gcp+} (or {+vnet+} if you use
-|azure|). {+service+} deploys all dedicated clusters inside this |vpc|
-or {+vnet+}.
+All {+service+} projects with one or more M10+ dedicated {+clusters+} receive
+their own dedicated |vpc| on {+aws+} or {+gcp+} (or {+vnet+} if you use |azure|).
+{+service+} deploys all dedicated clusters inside this |vpc| or {+vnet+}.
 
-By default, this |vpc| or {+vnet+} allows no inbound access to
-{+service+}. You must explicitly enable access by one of the
-following methods:
+By default, this |vpc| or {+vnet+} allows no inbound access to {+service+}.
+You must explicitly enable access by one of the following methods:
 
 - Add public IP addresses to your {+ip-access-list+}
 - Use |vpc| / {+vnet+} peering to add private IP addresses
@@ -50,24 +56,23 @@ following methods:
 
 {+service+} enforces mandatory |tls| encryption of connections to your
 databases. |tls| 1.2 is the default protocol; you can select |tls| 1.1
-or |tls| 1.0 if necessary. For more information, see the
+or |tls| 1.0 if necessary. To learn more, see the
 :guilabel:`Set Minimum TLS Protocol Version` section of
-:ref:`Configure Additional Setting
+:ref:`Configure Additional Settings
 <create-cluster-additional-settings>`.
 
 {+ip-access-list+}s
-~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 As a |service| administrator, you can:
 
 You can configure {+ip-access-list+}s to limit which IP addresses can
-attempt authentication to your database. Your {+service+} {+clusters+} 
+attempt authentication to your database.
 
 Your {+service+} {+clusters+} allow access only from the IP addresses
-and |cidr| block IP ranges that you add to your
-{+ip-access-list+}. Application servers and other clients cannot
-access your {+service+} {+clusters+} if their IP addresses aren't
-included in your {+ip-access-list+}.
+and |cidr| block IP ranges that you add to your {+ip-access-list+}.
+Application servers and other clients can't access your {+service+}
+{+clusters+} if their IP addresses aren't included in your {+ip-access-list+}.
 
 You can configure :atlas:`temporary access list entries
 </security/ip-access-list/#add-ip-access-list-entries>`
@@ -96,40 +101,38 @@ cases of {+cluster+} changes such as :ref:`vertical scaling
 <sizing-auto-scaling>`,
 :atlas:`topology </reference/glossary/#std-term-topology>` changes, or
 :ref:`maintenance events <configure-maintenance-window>`. However,
-certain topology changes – such as a :ref:`conversion from replica set
+certain topology changes, such as a :ref:`conversion from replica set
 to sharded cluster <scale-cluster-sharding>`, the
 :ref:`addition of shards <scale-cluster-shardNum>`, or a :ref:`region
-change <scale-cluster-region>` – require that you use new IP
-addresses.
+change <scale-cluster-region>` require that you use new IP addresses.
 
 VPC/{+vnet+} Peering
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Network peering allows you to connect your own |vpc|\s with an Atlas
+Network peering allows you to connect your own |vpc|\s with |a-service|
 |vpc| to route traffic privately and isolate your data flow from the
 public Internet.
 
 Most operations performed over a |vpc| connection originate from your
 application environment, minimizing the need for {+service+} to make
-outbound access requests to peer |vpc|\s. However, if you have
-configured a peer |vpc| to use |ldap| authentication, you must enbale
-{+service+} to connect to the authentication endpoint of your peer
-|vpc| over the |ldap| protocol.
+outbound access requests to peer |vpc|\s. However, if you configure a
+peer |vpc| to use |ldap| authentication, you must enable {+service+} to
+connect to the authentication endpoint of your peer |vpc| over the |ldap|
+protocol.
 
 You can choose your {+service+} |cidr| block with the |vpc| peering wizard
 before you deploy your first {+cluster+}. The {+service+} |vpc| |cidr|
 block must not overlap with the |cidr| block of any |vpc| you intend to
 peer to. {+service+} limits the number of MongoDB instances per |vpc|
-based on the |cidr| block; for example, a project with a |cidr| block of
+based on the |cidr| block. For example, a project with a |cidr| block of
 ``/24`` is limited to the equivalent of 273-node replica sets.
 
 We recommend the following as best practices:
 
-- To maintain tight network trust boundaries, configure mitigations
-  such as security groups and :aws:`network ACLs
-  <vpc/latest/userguide/vpc-network-acls.html>` to prevent inbound
-  access to systems inside your application |vpc|\s from the {+service+}-side
-  |vpc|.
+- To maintain tight network trust boundaries, configure security groups
+  and :aws:`network ACLs </vpc/latest/userguide/vpc-network-acls.html>`
+  to prevent inbound access to systems inside your application |vpc|\s
+  from the {+service+}-side |vpc|.
   
 - Create new |vpc|\s to act as intermediaries between sensitive
   application infrastructure and your {+service+} |vpc|\s. |vpc|\s are
@@ -141,16 +144,16 @@ Private Endpoints
 
 A private endpoint facilitates a one-way connection from your own |vpc|
 to your {+service+} |vpc|, without permitting {+service+} to initiate a
-reciprocal connection. This allows you to make use of secure
-connections to {+service+} without extending your network trust
-boundary. The following private endpoints are available:
+reciprocal connection. This allows you to make use of secure connections
+to {+service+} without extending your network trust boundary. The following
+private endpoints are available:
 
-- {+aws+} :aws:`PrivateLink <vpc/latest/userguide/endpoint-services-overview.html>`,
-  for connections from {+aws+} VPCs
-- {+azure+} :azure:`Private Link <private-link/private-link/overview>`,
+- {+aws+} :aws:`PrivateLink </vpc/latest/userguide/endpoint-services-overview.html>`,
+  for connections from {+aws+} |vpc|\s
+- {+azure+} :azure:`Private Link </private-link/private-link-overview>`,
   for connections from {+azure+} {+vnet+}s
-- :gcp:`Private Service Connect <vpc/docs/private-service-connect>`, for
-  connections from Google Cloud
+- :gcp:`Private Service Connect </vpc/docs/private-service-connect>`, for
+  connections from {+gcp+}
 
 Examples
 --------
@@ -191,7 +194,7 @@ These examples also apply other recommended configurations, including:
 	   </connect-atlas-cli/>` using the steps for :guilabel:`Programmatic Use`.
 
       Create an {+ip-access-list+} Entry
-      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
       Run the following command for each connection you want to
       allow. Change the entries to use the appropriate options and
@@ -249,8 +252,7 @@ These examples also apply other recommended configurations, including:
 
       .. note::
 
-         Before you
-         can create resources with Terraform, you must:
+         Before you can create resources with Terraform, you must:
 
          - :atlas:`Create your paying organization 
            </billing/#configure-a-paying-organization>` and :atlas:`create an API key </configure-api-access/>` for the
@@ -266,14 +268,14 @@ These examples also apply other recommended configurations, including:
            <https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli>`__
 
       Create an {+ip-access-list+} Entry
-      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
       To add an entry to your {+ip-access-list+}, create the following
       file and place it in the directory of the project you want to
       grant access to. Change the IDs and names to use your values:
 
       accessEntryForAddress1.tf
-      `````````````````````````
+      `````````````````````````````
 
       .. include:: /includes/examples/tf-example-access-entry-for-add-1.rst
 
@@ -282,21 +284,21 @@ These examples also apply other recommended configurations, including:
 
       .. code-block::
 
-	 terraform init
+         terraform init
 
       Run the following command to view the Terraform plan:
 
       .. code-block::
 
-	 terraform plan
+         terraform plan
 
       Run the following command to add one entry to the {+ip-access-list+}
       for your project. The command uses the file and the
       |service-terraform| to add the entry.
 
       .. code-block::
 
-	 terraform apply
+         terraform apply
 
       When prompted, type ``yes`` and press :kbd:`Enter` to apply
       the configuration.
@@ -314,34 +316,34 @@ These examples also apply other recommended configurations, including:
 
       .. include:: /includes/examples/tf-example-vpc-connection.rst
 
-      After you create the files, navigate to your project directory
+      After you create the file, navigate to your project directory
       and run the following command to initialize Terraform:
 
       .. code-block::
 
-	 terraform init
+          terraform init
 
       Run the following command to view the Terraform plan:
 
       .. code-block::
 
-	 terraform plan
+         terraform plan
 
       Run the following command to add a |vpc| peering connection from
       your application to your project. The command uses the file and
       the |service-terraform| to add the entry.
 
       .. code-block::
 
-	 terraform apply
+         terraform apply
 
       When prompted, type ``yes`` and press :kbd:`Enter` to apply
       the configuration.
 
       Create a Private Link
       ~~~~~~~~~~~~~~~~~~~~~
 
-      To create a private link from your application |vpc| to
+      To create a PrivateLink from your application |vpc| to
       your {+service+} |vpc|, create the following file and place it in
       the directory of the project you want to connect to. Change
       the IDs and names to use your values:
@@ -351,26 +353,26 @@ These examples also apply other recommended configurations, including:
 
       .. include:: /includes/examples/tf-example-private-link.rst
 
-      After you create the files, navigate to your project directory
+      After you create the file, navigate to your project directory
       and run the following command to initialize Terraform:
 
       .. code-block::
 
-	 terraform init
+         terraform init
 
       Run the following command to view the Terraform plan:
 
       .. code-block::
 
-	 terraform plan
+         terraform plan
 
-      Run the following command to add a privatelink endpoint from
+      Run the following command to add a PrivateLink endpoint from
       your application to your project. The command uses the file and
       the |service-terraform| to add the entry.
 
       .. code-block::
 
-	 terraform apply
+         terraform apply
 
       When prompted, type ``yes`` and press :kbd:`Enter` to apply
       the configuration.
