Documentation update

docs/dev_environment.md

@@ -58,6 +58,7 @@ in your runtime path:
 ```shell
 $ node --version
 v6.9.4
+$ npm install -g nodemon
 $ nodemon --version
 1.11.0
 ```
@@ -74,10 +75,5 @@ $ cd athenz
 $ mvn clean install
 ```
 
-To build the release packages after the build has completed
-successfully:
-
-```shell
-$ cd assembly
-$ mvn clean package -Dmaven.test.skip=true
-```
+The release packages will be created automatically in the `assembly`
+subdirectory.

docs/setup_aws.md

@@ -32,9 +32,8 @@ and search for "Athenz" in the `Search community AMIs` field:
 
 ![Search Athenz AMI](images/choose_athenz_ami.png)
 
-You might get back multiple matches. The numeric value after `Athenz` is
-the timestamp when the image was built so pick the image with the highest
-value which would be the latest release. Click on `Select` button next
+You might get back multiple matches. Pick the latest image with the most
+recent timestamp after the `Athenz` name. Click on `Select` button next
 to the image name to continue.
 
 On `Step 2: Choose an Instance Type` pick an instance with multiple vCPUs
@@ -57,9 +56,18 @@ Click on `Next: Add Storage`, then on `Next: Add Tags` and finally on
 
 On `Step 6: Configure Security Group` select `Add Rule`, choose
 `Custom TCP Rule` for Type field, 4443 for Port Range field and
-0.0.0.0/0 for Source field. Repeat adding a rule for ports 8443
+select `My IP` for Source field. Repeat adding a rule for ports 8443
 and 9443. Once completed, your setup should be:
 
+By default, AWS has a TCP rule for SSH access from all IP
+addresses with a warning "Rules with source of 0.0.0.0/0 allow all
+IP addresses to access your instance. We recommend setting security
+group rules to allow access from known IP addresses only.". It
+is strongly recommended for the SSH Rule to pick `My IP` from
+the Source drop down field or configure SSH access from your
+company IP range only. Same requirement would also apply
+for Athenz 4443, 8443, and 9443 port access as well.
+
 ![Security Group Setup](images/aws_security_group.png)
 
 Next, click on `Review and Launch` and then on `Launch`.

docs/setup_ui.md

@@ -6,6 +6,7 @@
 * [Getting Software](#getting-software)
 * [Configuration](#configuration)
 * [Start/Stop UI Server](#startstop-ui-server)
+* [UI Access](ui-access)
 
 ## Requirements
 ---------------
@@ -27,6 +28,7 @@ in your runtime path:
 ```shell
 $ node --version
 v6.9.4
+$ npm install -g nodemon
 $ nodemon --version
 1.11.0
 ```
@@ -94,11 +96,34 @@ $ cd athenz-ui-X.Y
 $ bin/athenz_ui stop
 ```
 
-## Befor accessing to UI
------------------------
+## UI Access
+------------
+
+To access Athenz UI in your browser, visit:
+
+```
+https://<ui-server-host-name>:9443
+```
+
+Since the development setup is using self-signed X509 certificates for
+Athenz ZMS and UI servers, the administrator must add exceptions when
+accessing Athenz UI or install the self-signed certificates for those two
+servers into his/her own web browser.
+
+The administrator must first access the ZMS Server endpoint in the browser to
+accept the exception since the Athenz UI contacts ZMS Server to get an authorized
+token for the user when logging in. The administrator must access
+
+```
+https://<zms-server-host-name>:4443
+```
+
+first and accept the certificate exception before accessing Athenz UI.
 
-Install self-signed X509 certificates into your own web browser in order to have HTTPS support for ZMS Server and UI Server:
+Alternatively, the administrator may decide to install the self-signed
+certificates for the ZMS and UI servers in their browser. For ZMS Server,
+the self-signed certificate is called `zms_cert.pem` and this file
+is located in the `athenz-zms-X.Y/var/zms_server/certs` directory.
+For UI Server, the self-signed certificate is called `ui_cert.pem` and this file
+is located in the `athenz-ui-X.Y/keys` directory.
 
-To access UI we need the self-signed certificates for ZMS Server and UI Server.
-From your ZMS Server installation, copy the `zms_cert.pem` file from the `athenz-zms-X.Y/var/zms_server/certs` directory to a local directory on the host that will be running web browser.
-From your UI Server installation, copy the `ui_cert.pem` file from the `athenz-ui-X.Y/keys` directory to a local directory on the host that will be running web browser.