refine

aws/whats-new/README.md

@@ -1,28 +1,7 @@
-# What's New on our AWS
+# What's New
 
-## 2025-12-31: Test script for cross-account roles
+Details on what's new within our enviroment.  We've got a few sections for you to check out.
 
-In order to validate the cross account roles work, we created a script to use it. This script can be replicated to perform per-account tasks within
-the organization.  We perhaps will make this into a python module so it becomes easier to plug in one's own script without copy/paste of the tool.
-See it at [test-cross-org.py](https://github.e.it.census.gov/terraform/support/tree/master/local-app/python-tools/test-cross-organization).
-
-## 2025-12-30: New Stackset implementing cross-account roles
-
-A new stackset in all organizations (ent-gov, ent-ew, lab-gov) which implements two cross-account roles,
-one for adminsitration so we can query organizations and crawl across the accounts, and the other for emergency
-access driven through a service account with MFA and a user/password.  Currently documented in the `instractructure/global/stacksets/inf-org-crossaccount/`
-directory but will get copied elsewhere:
-
-* [ent-gov](https://github.e.it.census.gov/terraform/252903981224-ma5-gov/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
-* [ent-ew](https://github.e.it.census.gov/terraform/109223337795-censusaws/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
-* [lab-gov](https://github.e.it.census.gov/terraform/243219719746-lab-gov-management-nonprod/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
-
-## 2025-12-30: Proposal to remove CloudTrail and reduce costs
-
-A proposal is in place to strip out all non-organization cloudtrail from all organizations and all accounts.  It is available [here](https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/proposals/cloudtrail).
-The first step of disabling the Cloudtrail for non-organization trail (inf-org-cloudtrail) has bee done in the EDL accounts.  It will
-be done accross all organizations.  Current non-organization cloudtrail counts:
-
-* ent-gov: 545
-* ent-ew: 983
-* lab-gov: 54
+* [Architecture](architecture)
+* [Terraform](terraform)
+* [Terraform Modules](terraform-modules)

aws/whats-new/architecture/README.md

@@ -0,0 +1,28 @@
+# What's New with our AWS Architecture
+
+## 2025-12-31: Test script for cross-account roles
+
+In order to validate the cross account roles work, we created a script to use it. This script can be replicated to perform per-account tasks within
+the organization.  We perhaps will make this into a python module so it becomes easier to plug in one's own script without copy/paste of the tool.
+See it at [test-cross-org.py](https://github.e.it.census.gov/terraform/support/tree/master/local-app/python-tools/test-cross-organization).
+
+## 2025-12-30: New Stackset implementing cross-account roles
+
+A new stackset in all organizations (ent-gov, ent-ew, lab-gov) which implements two cross-account roles,
+one for adminsitration so we can query organizations and crawl across the accounts, and the other for emergency
+access driven through a service account with MFA and a user/password.  Currently documented in the `instractructure/global/stacksets/inf-org-crossaccount/`
+directory but will get copied elsewhere:
+
+* [ent-gov](https://github.e.it.census.gov/terraform/252903981224-ma5-gov/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
+* [ent-ew](https://github.e.it.census.gov/terraform/109223337795-censusaws/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
+* [lab-gov](https://github.e.it.census.gov/terraform/243219719746-lab-gov-management-nonprod/tree/master/infrastructure/global/stacksets/inf-org-crossaccount)
+
+## 2025-12-30: Proposal to remove CloudTrail and reduce costs
+
+A proposal is in place to strip out all non-organization cloudtrail from all organizations and all accounts.  It is available [here](https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/proposals/cloudtrail).
+The first step of disabling the Cloudtrail for non-organization trail (inf-org-cloudtrail) has bee done in the EDL accounts.  It will
+be done accross all organizations.  Current non-organization cloudtrail counts:
+
+* ent-gov: 545
+* ent-ew: 983
+* lab-gov: 54

aws/whats-new/terraform-modules/README.md

@@ -0,0 +1,12 @@
+# What's New with [Terraform Modules](https://github.e.it.census.gov/terraform-modules/)
+
+## 2025-12-31: [aws-inf-setup//config](https://github.e.it.census.gov/terraform-modules/aws-inf-setup/tree/2.13.0/config)
+
+* 2.13.0 -- 2025-12-31
+  - config
+    - disable global iam things in non-east regions
+    - allow for other resources to be excluded completely
+
+The impetus behind this is that we are double-counting global resources for AWS Config in multiple regions. This is
+not likely the driver of higher costs, however.  We also enabled the use of an additional variable for disabling
+recording for resources entirely, to go along with the resource which get limited to daily checks vs continous.