sysdiglabs
diff --git a/‎use-cases/org-existing-cloudtrail-ecs-vpc-subnet.md
Lines changed: 30 additions & 35 deletions b/‎use-cases/org-existing-cloudtrail-ecs-vpc-subnet.md
Lines changed: 30 additions & 35 deletions
diff --git a/‎use-cases/org-single-account.md
Lines changed: 23 additions & 19 deletions b/‎use-cases/org-single-account.md
Lines changed: 23 additions & 19 deletions
@@ -1,41 +1,37 @@
-# OrganizationSetup - Existing Cloudtrail - Existing ECS/VPC/Subnet
+# AWS Organizational Setup with Existing ECS Environment
 
-## Use-Case explanation
+## Overview
 
-**Client Setup**
+This usecase covers securing an AWS organizational setup consisting an existing ECS cluster with its own VPC and subnet.
 
-- [X] organizational setup
-  - [X] organizational cloudtrail that reports to SNS and persists events in a managed-account stored S3 bucket
-  - [X] member account usage - all required and pre-existing resources exist in the same account
-    - cloudtrail/sns/s3 in the management account
-    - and pre-existing objects in the same account where Sysdig Secure for Cloud workload is to be deployed
-  - [ ] member account usage - all required resources are in scattered organizational member accounts
-- [X] pre-existing resources
-  - [X] organizational cloudtrail, reporting to an SNS topic and delivering events to the S3 bucket
-  - [X] ecs cluster/vpc/subnet we want to use to deploy Sysdig for Cloud workload
-  - [ ] k8s cluster we want to use to deploy Sysdig for Cloud workload
+### User Setup
 
-**Sysdig Secure For Cloud Features**
+- [X] AWS organizational account
+  - [X] Organizational Cloudtrail that reports to SNS and persists events in a managed-account S3 bucket
+  - [X] Member account usage: All the required and pre-existing resources exist in the same account
+    - Cloudtrail, SNS, and S3 in the Management account
+    - Pre-existing objects in the same account where Sysdig Secure for Cloud workload is to be deployed
+  - [ ] Member account usage: All the required resources reside in different member accounts
+- [X] Pre-existing resources
+  - [X] Organizational cloudtrail reporting to an SNS topic and delivering events to the S3 bucket
+  - [X] ECS cluster with VPC and subnet to deploy Sysdig for Cloud workload
+  - [ ] Kubernetes cluster to deploy Sysdig for Cloud workload
 
-- [X] threat Detection
-  - [X] all accounts of the organization (management account included)
+### Sysdig Secure For Cloud Features
+
+- [X] Threat Detection
+  - [X] all accounts of the organization, including the Management account
 - [ ] image Scanning (?)
-  - [ ] ecr pushed images
-  - [ ] ecs running images
+  - [ ] ECR pushed images
+  - [ ] ECS running images
 - [ ] CSPM/Compliance (?)
 - [ ] CIEM (?)
 
+## Preparation
 
+For this usecase, you will use the [`./examples/organizational`](../examples/organizational/README.md) setup. In order for this setup to work, several roles and permissions are required. Before proceeding, see the [readme](../examples/organizational/README.md)  and check whether you comply with the requirements.
 
-
-## Suggested setup
-
-For this use-case we're going to use the [`./examples/organizational`](../examples/organizational/README.md) setup.
-In order for this setup to work, several roles and permissions are required.
-Before proceeding, please read the example README and check whether you comply with requirements.
-
-Please contact us if something requires to be adjusted.
-
+Contact Sysdig for support.
 
 ### Step by Step Example Guide
 
@@ -76,17 +72,17 @@ module "utils_ecs-vpc" {
 ```
 -->
 
-1. Configure `AWS_PROFILE` with an organizational Administration credentials
+1. Configure `AWS_PROFILE` with an organizational administration credentials.
 
-2. Choose an Organizational **Member account for Sysdig Workload** to be deployed.
-   - This accountID will be provided in the `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID` parameter
-   - Use-case workload-related pre-existing resources (ecs,vpc,subnets) must live within this member account
+2. Choose an Organizational member account for Sysdig Workload to be deployed.
+   - Note the account ID of this account. This value will be provided in the `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID` parameter.
+   - Ensure that workload resources (ECS, VPC, subnets) exist in this member account.
 
-3. Use `organizational` example snippet with following parameters
+3. Use the  `organizational` example snippet with following parameters:
 
    - General
-     - `AWS_REGION` Same region is to be used for both organizational managed account and Sysdig workload member account resources.
-     - `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID` where Sysdig Workload is to be deployed under the pre-existing ECS
+     - `AWS_REGION` : Same region is to be used for both organizational managed account and Sysdig workload member account resources.
+     - `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID`:  where Sysdig Workload is to be deployed under the pre-existing ECS
 
    - Existing Organizational Cloudtrail Setup
      - `CLOUDTRAIL_SNS_ARN`
@@ -103,7 +99,6 @@ module "utils_ecs-vpc" {
      - `ECS_VPC_ID` ex.: "vpc-0e91bfef6693f296b"
      - `ECS_VPC_SUBNET_PRIVATE_ID_X` Two subnets for the VPC. ex.: "subnet-0c7d803ecdc88437b"<br/><br/>
 
-
 ### Terraform Manifest Snippet
 
 ```terraform
 
@@ -1,35 +1,39 @@
-# OrganizationSetup - Single-Account deployment
+# Organization Setup: Single Account Deployment
 
-## Use-Case explanation
+## Overview
 
-This use case will cover the way of deploying  `examples/organizational` within a more limited scope (single-account)
+This use case will leverage the [`examples/organizational`](./examples/organizational/README.md) setup within a more limited scope (single-account). Therefore, the CloudTrail you will set up will be organizational.
 
- > Being able to **allow/deny member accounts** where SecureForCloud is deployed, in organizational example, is under
- > feature-request.
+ > Being able to allow/deny member accounts where Secure for Cloud is deployed is under development.
 
-### Scope and Limitations
+### Features
 
-- While the feature-request is being developed, this workaround will only cover following [features](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud#sysdig-secure-for-cloud-in-aws)
-  - [x] Thread Detection
-  - [x] Compliance
-  - [x] Identity and Access Management
-  - [ ] Image scanning
-- Because we will still rely on organizational setup, the **cloudtrail will still be organizational**
+This use case provides the following [Sysdig Secure For Cloud](https://docs.sysdig.com/en/docs/sysdig-secure/sysdig-secure-for-cloud/#features) features:
 
-## Suggested setup
+- [Threat Detection](https://docs.sysdig.com/en/docs/sysdig-secure/policies/threat-detect-policies/)
+- [Posture](https://docs.sysdig.com/en/docs/sysdig-secure/posture/)
+- [Compliance](https://docs.sysdig.com/en/docs/sysdig-secure/posture/compliance/)
+- [Identity Access Management](https://docs.sysdig.com/en/docs/sysdig-secure/posture/identity-and-access/)
 
-We will rely on
+## Preparation
 
-- the `deploy_benchmark_organizational"` input variable of the example.
+You will use the following to enable single account deployment:
+
+### `deploy_benchmark_organizational`
+
+You will set the `deploy_benchmark_organizational"` variable to false in the terraform configuration.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_deploy_benchmark_organizational"></a> [deploy\_benchmark\_organizational](#input\_deploy\_benchmark\_organizational) | true/false whether benchmark module should be deployed on organizational or single-account mode (1 role per org accounts if true, 1 role in default aws provider account if false)</li></ul> | `bool` | `true` | no |
+| <a name="input_deploy_benchmark_organizational"></a> [deploy\_benchmark\_organizational](#input\_deploy\_benchmark\_organizational) | Determines if the benchmark module should be deployed on organizational or single-account mode. Creates one role per org accounts if true. Creates one role in the default aws provider account if false)</li></ul> | `bool` | `true` | no |
+
+### AWS Terraform Providers
+
+You will work on the following setups: default and member terraform providers.
 
+  1. Member account: Use the [default use-case snippet](#terraform-snippet) to deploy compute and compliance role in a member account.
+  2. Management account: Use the [default use-case snippet](#terraform-snippet) to deploy compute  on the Management account.
 
-- the two aws terraform providers (default, member); here we will work two setups
-  1. to deploy compute and compliance role **just in one member account**, use [default use-case snippet](#terraform-snippet)
-  1. to deploy compute part **on management account**, use following provider setup on the [default use-case snippet](#terraform-snippet)<br/>
     ```terraform
     provider "aws" {
       region = var.region