(DOCSP-17189) API, invitations (#24)

* (DOCSP-17189) API, invitations

Author: zach-carr

snooty.toml

@@ -1,7 +1,7 @@
 name = "cloudgov"
 title = "MongoDB Atlas for Government"
 
-intersphinx = ["https://docs.mongodb.com/manual/objects.inv","https://docs.atlas.mongodb.com/objects.inv"]
+intersphinx = ["https://docs.atlas.mongodb.com/objects.inv", "https://docs.mongodb.com/manual/objects.inv"]
 
 toc_landing_pages = [
   "/tutorial/getting-started",

source/api.txt

@@ -11,61 +11,172 @@ API
 .. contents:: On this page
    :local:
    :backlinks: none
-   :depth: 1
+   :depth: 2
    :class: singlecol
 
-The |cloudgov| |api| functions in the same way as the |service| |api|. 
-To learn more about using the |api|, see the
-:atlas:`Atlas API </api/>` documentation.
+The |cloudgov| |api| functions in the same way as the |service| |api|, 
+except that it uses the following base URL:
+
+.. code-block:: shell
+
+   https://cloud.mongodbgov.com/api/atlas/v1.0
+
+|cloudgov-short| authenticates |api| requests with ``SHA-256`` using 
+:atlas:`HTTP Digest Authentication </api/#std-label-api-authentication>`.
+
+Example Usage
+-------------
+
+This ``curl`` example retrieves database users for a project:
+
+.. code-block:: shell
+
+   curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
+     --header "Accept: application/json" \
+     --header "Content-Type: application/json" \
+     --include \
+     --request GET "https://cloud.mongodbgov.com/api/atlas/v1.0/groups/{PROJECT-ID}/databaseUsers?pretty=true"
+
+- You can find your ``PROJECT-ID`` in your :guilabel:`Project Settings`.
+
+- You can generate an |api| key pair in your organization's 
+  :guilabel:`Access Manager`, under the :guilabel:`API Keys` tab.
+
+See the Atlas Documentation
+---------------------------
+
+- To learn more about using the |api|, see the 
+  :atlas:`Atlas API </api/>`.
+
+- To configure the API, see 
+  :atlas:`Configure Atlas API Access </configure-api-access/>`.
+
+- For a list of possible errors, see 
+  :atlas:`Atlas API Error Codes </reference/api/api-errors/>`.
 
 {+gov-considerations+}
 -----------------------------------
 
+The following cloud providers, MongoDB products, and features are 
+unavailable for all |api| resources:
+
+- |azure|
+
+- |gcp|
+
+- |service| Data Lake
+
+- |service| Online Archives
+
+- |service| Triggers
+
+- MongoDB Charts
+
+- MongoDB Realm
+
+- Free, shared, and ``M10`` clusters
+
 Many of the commercial |service| |api| resources are limited or 
-unavailable.
+unavailable:
 
-You must authenticate |api| requests with ``SHA-256`` in the 
-|http| Digest Access Authentication.
+Database Users
+~~~~~~~~~~~~~~
 
-Security
+Database users who authenticate with 
+:manual:`SCRAM </core/security-scram/>` must use ``SCRAM-SHA-256``.
+
+Clusters
 ~~~~~~~~
 
-- You cannot create |cloudgov-short| users.
+|cloudgov-short| clusters must be tier ``M20`` or higher. Free and 
+shared-tier clusters are not supported.
 
-- |api| keys generated in standard region-only projects cannot be used 
-  to make requests to government region-only projects.
+Alerts
+~~~~~~
 
-Features
-~~~~~~~~
+- Alerts related to payment methods are unavailable.
 
-The following MongoDB products and features are unavailable:
+- Alerts can come from several different email addresses. For more 
+  information, see :ref:`alert-emails`.
 
-- Cloud Manager
+Third-Party Integration Settings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- Charts
+You must have the :authrole:`Project Owner` role to 
+configure a third-party monitoring integration.
 
-- Realm
+Atlas Search
+~~~~~~~~~~~~
 
-- Atlas Data Lake
+|service| Search is unavailable in |cloudgov-short|.
 
-- Online Archives
+Cloud Backups
+~~~~~~~~~~~~~
 
-- Atlas Triggers
+|aws-fr-moderate| and |aws-fr-high| backups are not compatible 
+with one another. If you create a backup from a |aws-fr-high| 
+region-only project, you can only restore that data to a |aws-fr-high| 
+region-only project. The same is true for |aws-fr-moderate| region-only 
+projects.
 
-Configuration Options
-~~~~~~~~~~~~~~~~~~~~~
+Shared-Tier Snapshots and Restore Jobs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- Free, shared, and ``M10`` clusters unavailable.
+Shared-tier clusters are unavailable in |cloudgov-short|.
 
-- The |azure| and |gcp| cloud providers are unavailable.
+Online Archive
+~~~~~~~~~~~~~~
 
-Alerts
-~~~~~~~
+Online Archives are unavailable in |cloudgov-short|.
+
+Network Peering
+~~~~~~~~~~~~~~~
+
+- You can only peer |aws-fr-high| regions with MongoDB clusters in 
+  |aws-fr-high| regions. You can only peer |aws-fr-moderate| regions 
+  with MongoDB clusters in |aws-fr-moderate| regions.
+
+- |aws| is the only supported cloud provider for |cloudgov-short|.
+
+Private Endpoints
+~~~~~~~~~~~~~~~~~
+
+- You can only link |aws-fr-high| regions with MongoDB clusters in 
+  |aws-fr-high| regions. You can only link |aws-fr-moderate| regions 
+  with MongoDB clusters in |aws-fr-moderate| regions.
+
+- |aws| is the only supported cloud provider for |cloudgov-short|.
 
-- Alerts related to payment methods are not available.
+Monitoring and Logs
+~~~~~~~~~~~~~~~~~~~
 
-.. toctree::
-   :titlesonly:
+In addition to the standard Atlas logging, 
+|cloudgov-short| logs the username and IP address associated with all 
+failed login attempts, temporary lockouts and failed |api| digest 
+authentications.
+
+Encryption at Rest using Customer Key Management
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- You must use KMS keys in |aws-fr-high| regions to encrypt data in 
+  |aws-fr-high| region-only projects. You must use KMS keys in 
+  |aws-fr-moderate| regions to encrypt data in |aws-fr-moderate| 
+  region-only projects.
+
+- |aws| is the only supported cloud provider for |cloudgov-short|.
+
+Atlas Users
+~~~~~~~~~~~
+
+You cannot create |cloudgov| users. |cloudgov| is available by 
+invitation only.
+
+Cloud Provider Access
+~~~~~~~~~~~~~~~~~~~~~
+
+|aws| is the only supported cloud provider for |cloudgov-short|.
+
+Triggers
+~~~~~~~~
 
-   /api/configure
-   /api/resources
+Triggers are unavailable in |cloudgov-short|.

source/atlas-access.txt

@@ -36,12 +36,24 @@ Purchase and Activate a Subscription
 To purchase and activate a |cloudgov-short| subscription, see 
 :ref:`billing`.
 
-Accept an Invitation
-~~~~~~~~~~~~~~~~~~~~
+Accept an Invitation to an Organization
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 |cloudgov-short| invitations are sent by email. To accept an invitation 
-to an organization, follow the instructions in the |cloudgov-short| 
-email you receive.
+to an organization:
+
+.. include:: /includes/steps/accept-invite.rst
+
+Invite a New User to an Organization
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. note::
+   You must be an :authrole:`Organization Owner` to invite users to 
+   your organization.
+
+To invite a user to your organization:
+
+.. include:: /includes/steps/invite-user.rst
 
 Account Limitations
 -------------------
@@ -68,11 +80,8 @@ Passwords
 
 - |cloudgov-short| requires that passwords contain:
 
-  - At least 15 characters,
-  - An upper case letter,
-  - A lower case letter,
-  - A number, and
-  - A special character.
+  - At least 8 characters
+  - Unique characters, numbers, or symbols
 
 Account
 ~~~~~~~
@@ -89,9 +98,9 @@ Account
 User Sessions
 ~~~~~~~~~~~~~
 
-- |cloudgov-short| ends your session after 15 minutes of 
-  inactivity, requiring you to log in again. You are prompted to 
-  continue your current session after 10 minutes of inactivity.
+|cloudgov-short| ends your session after 15 minutes of 
+inactivity, requiring you to log in again. You are prompted to 
+continue your current session after 10 minutes of inactivity.
 
 Organizations and Projects
 --------------------------

source/billing.txt

@@ -17,26 +17,29 @@ You must purchase a subscription to pay for |cloudgov|.
 Purchase a Subscription
 -----------------------
 
-You can purchase a |cloudgov| subscription from the following 
-sources:
+You can purchase a |cloudgov| subscription from:
 
-- The |aws| Marketplace
+- The |aws| Marketplace, or
 
-- :website:`MongoDB Sales </contact/atlas>`
+- :website:`MongoDB Sales </contact/atlas>`.
 
 Activate Your Subscription
 --------------------------
 
-Activate your subscription by accepting the email invitation sent to 
-you by the |aws| Marketplace or MongoDB Sales.
+Activate your subscription by first accepting the email invitation sent 
+to you by the |aws| Marketplace or MongoDB Sales.
 
 When you accept an invitation to register for a new account, your 
 activation code is applied to the first organization you create.
 
+For a complete tutorial on creating an account, activating your 
+subscription and getting started with |cloudgov|, see 
+:ref:`Getting Started <create-account>`.
+
 Limitations
 -----------
 
-- Elastic invoicing is not available.
+- Elastic invoicing is not currently available.
 
 - You cannot use a credit card or PayPal to pay for |cloudgov-short|. 
   Credit card alerts are disabled.

source/billing/subscriptions.txt

@@ -18,12 +18,12 @@ either a :term:`replica set` or a :term:`sharded cluster`.
 {+gov-considerations+}
 -----------------------------------
 
-- When you create a project, you may designate it as a government 
-  region-only project. If you do not, that project is a standard 
-  region-only project. You may only deploy clusters to the type of 
-  region that your project supports.
+- When you create a project, you can designate it as an |aws-fr-high| 
+  region-only project. If you do not, that project is an 
+  |aws-fr-moderate| region-only project. You may only deploy clusters 
+  to the type of region that your project supports.
 
-- You may only create clusters tier ``M20`` and above. Free and shared 
+- You can only create clusters tier ``M20`` and above. Free and shared 
   tier clusters are not available.
 
 See the |service| documentation to

source/clusters.txt

@@ -25,10 +25,11 @@ backup to clusters in that project.
    |cloudgov-short| user roles are the same as 
    :atlas:`Atlas User Roles </reference/user-roles/>`.
 
-Standard and government cloud provider backups are not compatible 
-with one another. If you create a backup from a government region-only 
-project, you may only restore that data to a government region-only 
-project. The same is true for standard region-only projects.
+|aws-fr-moderate| and |aws-fr-high| backups are not compatible 
+with one another. If you create a backup from a |aws-fr-high| 
+region-only project, you can only restore that data to a |aws-fr-high| 
+region-only project. The same is true for |aws-fr-moderate| region-only 
+projects.
 
 For a list of regions by cloud provider, see :ref:`<supported-regions>`.
 

source/clusters/backup-restore-data.txt

@@ -37,6 +37,8 @@ authentications.
 See the |service| documentation to 
 :atlas:`View and Download MongoDB Logs </mongodb-logs/>`
 
+.. _alert-emails:
+
 Alerts and Communications
 -------------------------