CIS v1.5 upgrade guide (#651)

* HL structure and rough draft

* Edits to steps 2 and 3

* Added tf diff checks

* Fixed headings

* Added refs to changelogs

* Added index and core concepts pages

* Moved to _docs-sources

* Simplified to focus on  multi_region_common.hcl

* Added next steps and outline patcher guide

* Added Steampipe instructions

* Update Production Framework guide to remove roadmap items (#648)

* Update Production Framework guide to remove roadmap items

A customer reported confusion on a roadmap commitment we made here. We shouldn't be making roadmap commitments here since it's too hard to keep track of them and they'll inevitably get out of date.

So I've updated the "How Gruntwork Helps" column to reflect our latest offerings and removed the "On the Roadmap" column.

* Update callout to reflect new Pipelines example (#650)

- New example in service catalog is preferred deployment experience

* add pr feedback wip

* add install docs

* Add generated docs

* Update _docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/deployment-walkthrough/step-2-update-references-to-the-gruntwork-infrastructure-as-code-library.md

Co-authored-by: Marina <[email protected]>

* Fix broken links -- deploy was not working

* Fix links -- remove extra deployment-walkthrough/

* Text improvements and add screenshots

* More text improvements

* Mention cis ref archC

* Add 'what are patches' and some text fixes

* Updated `_docs-sources` with this contribution and regenerated output.

* Add card on the 'Update guides' section

* Fix upgrades number

* Updated `_docs-sources` with this contribution and regenerated output.

* Update _docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/deployment-walkthrough/step-2-update-references-to-the-gruntwork-infrastructure-as-code-library.md

* Update generated docs

---------

Co-authored-by: Josh Padnick <[email protected]>
Co-authored-by: Zack Proser <[email protected]>
Co-authored-by: Rob Morgan <[email protected]>
Co-authored-by: Marina Limeira <[email protected]>
Co-authored-by: Marina <[email protected]>
Co-authored-by: docs-sourcer[bot] <99042413+docs-sourcer[bot]@users.noreply.github.com>

Author: 7 people

_docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/_category_.json

@@ -0,0 +1,3 @@
+{
+  "label": "Update to CIS AWS Foundations Benchmark 1.5.0"
+}

_docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/core-concepts.md

@@ -0,0 +1,41 @@
+---
+sidebar_label: Core Concepts
+---
+
+# Background
+
+Version 1.5.0 of the CIS AWS Foundations Benchmark was released in August of 2022. You can refer to the [CIS website](https://www.cisecurity.org/benchmark/amazon_web_services/)
+where you can download the latest version of the Benchmark (as well as all the previous versions).
+The latest version introduces five new recommendations, and also updates a couple of existing recommendations.
+
+## Changes in recommendations
+
+Changes in recommendations (both additions and removals) are listed below. You can think of these as a "diff"
+between versions 1.4.0 and 1.5.0.
+
+### New recommendations
+
+These are the new recommendations introduced in version 1.5.0 of the benchmark:
+
+- 2.3.2: Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
+- 2.3.3: Ensure that public access is not given to RDS Instance
+- 2.4.1: Ensure that encryption is enabled for EFS file systems
+- 4.16: Ensure AWS Security Hub is enabled
+- 5.3: Ensure no security groups allow ingress from ::/0 to remote server administration ports
+
+### Updated recommendations
+
+Version 1.5.0 also updated a few recommendations.
+
+- 1.12: Ensure credentials unused for 45 days or greater are disabled. The previous recommendation did not exclude the root account from this requirement.
+- 2.1.2: Ensure S3 Bucket Policy is set to deny HTTP requests. The previous recommendation specified `Actions=GetObject`, this is updated to `Actions=*`
+- 3.8: Ensure rotation for customer created symmetric CMKs is enabled. The previous recommendation did not specify symmetric keys.
+
+## New Gruntwork modules vs. existing modules
+
+To achieve compliance with the new version of the benchmark, we've updated a bunch of existing modules. We've also
+created a new CIS RDS and EFS module to satisfy the expanded recommendations.
+
+To ensure compliance with version 1.5.0 of the CIS AWS Foundations Benchmark, you'll need to follow all the
+instructions in the [Deployment walkthrough](deployment-walkthrough/step-1-check-your-live-infrastructure-is-cis-v1.4-compliant.md) section. We've
+expanded the steps in the guide to include checking v1.4.0 compliance before updating and checking v1.5.0 compliance after the update.

_docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/deployment-walkthrough/_category_.json

@@ -0,0 +1,3 @@
+{
+"label": "Deployment walkthrough"
+}

_docs-sources/guides/stay-up-to-date/cis/cis-1.5.0/deployment-walkthrough/step-1-check-your-live-infrastructure-is-cis-v1.4-compliant.md

@@ -0,0 +1,81 @@
+---
+sidebar_label: Check your live infrastructure is CIS AWS v1.4 compliant
+---
+
+# Step 1: Check your live infrastructure is CIS AWS v1.4 compliant
+
+The later steps in this guide assume that you are upgrading from CIS AWS Foundations Benchmark v1.4 to v1.5.
+
+Before you update to CIS AWS Foundations Benchmark v1.5, we strongly recommend that you confirm that your live
+infrastructure is compliant with the CIS AWS Foundations Benchmark v1.4.
+
+If you do not have existing tooling in place to confirm this, then we suggest that you run the
+[Steampipe CIS v1.4.0](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.cis_v140) check against
+your infrastructure.
+
+In the final step in this guide, we suggest you run Steampipe to verify that your infrastructure is CIS AWS Foundations
+Benchmark v1.5 compliant.
+
+## 1.1 Download and install Steampipe
+
+Homebrew is the recommended way to install Steampipe for Mac. Instructions for different OS versions can be found at
+https://steampipe.io/downloads.
+
+```
+brew tap turbot/tap
+brew install steampipe
+```
+
+Next install the AWS plugin with Steampipe:
+
+```
+steampipe plugin install aws
+```
+
+## 1.2 Configure Steampipe with AWS credentials
+
+The [Steampipe AWS plugin](https://hub.steampipe.io/plugins/turbot/aws) supports a range of options for granting
+Steampipe access to your AWS accounts.
+
+In order for the compliance checks to work correctly, you need to:
+- Configure [multi-region connections](https://hub.steampipe.io/plugins/turbot/aws#multi-region-connections) so that Steampipe can access to all the regions you are using
+- Configure [multi-account connections](https://hub.steampipe.io/plugins/turbot/aws#multi-account-connections) so that Steampipe can access all the accounts you are using
+
+## 1.3 Clone the Steampipe AWS Compliance Mod
+
+The [AWS Compliance Mod](https://hub.steampipe.io/mods/turbot/aws_compliance#aws-compliance-mod) includes compliance
+checks for CIS AWS Foundations Benchmark v1.4 and v1.5.
+
+Clone:
+
+```
+git clone https://github.com/turbot/steampipe-mod-aws-compliance.git
+cd steampipe-mod-aws-compliance
+```
+
+## 1.4 Run the CIS v1.4.0 compliance check
+
+Before running, an IAM credential report needs to be generated:
+
+```
+aws iam generate-credential-report
+```
+
+Run the check while authenticated to the AWS account you want to verify:
+
+```
+steampipe check aws_compliance.benchmark.cis_v140
+```
+
+Example:
+
+```
+aws-vault exec dev -- aws iam generate-credential-report
+aws-vault exec dev -- steampipe check aws_compliance.benchmark.cis_v140
+```
+
+## Next steps
+
+If you've confirmed that your live infrastructure is compliant with the CIS AWS Foundations Benchmark v1.4 then you're
+ready to move to [step 2](step-2-update-references-to-the-gruntwork-infrastructure-as-code-library.md) and update your
+references to the Gruntwork Infrastructure as Code Library. Otherwise, if some checks are failing you should check the [Manual steps](/guides/build-it-yourself/achieve-compliance/deployment-walkthrough/manual-steps) section, that contains extra steps to achieve CIS compliance.