tweaks
ckamps committed Dec 2, 2020
1 parent 6cff96a commit d67bc48
Showing 4 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion content/00-intro/04-foundation-capabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ Initial degrees of foundational capabilities addressed by this guide include:
**Security**
* AWS account hardening
* An initial set of guardrails to help ehance the security of your overall AWS environment
* Centralized secure logging of AWS API calls and AWS resource configuration changes
* Centralized logging of AWS API calls and AWS resource configuration changes
* Federated access to help manage human user access to your AWS environment
* Policies to help manage access to AWS accounts:
* Cloud platform team access including cloud and security administration, audit, and finance
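Review bot: the unchanged context line two above still reads "to help ehance the security"; since this commit is already editing the same bullet list, fix "ehance" to "enhance" here rather than in a later pass. Dropping "secure" from "Centralized secure logging" matches the softened wording in the rest of this commit, but what makes this bullet a **Security** capability is that the logs are held centrally, outside the accounts whose activity they record (the Log Archive account this same commit edits elsewhere); consider "Centralized logging of AWS API calls and AWS resource configuration changes in a dedicated Log Archive account" so the bullet still says why it belongs in this list.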
2 changes: 1 addition & 1 deletion content/01-up-front-tasks/02-review-solution.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ Once you’ve either identified a compatible existing AWS account or signed up f

Your management AWS account will be the place in which your cloud administrators will use AWS Control Tower’s [Account Factory](https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html) via AWS Service Catalog to create new team development accounts. You will use AWS Single Sign-On (AWS SSO) to create and manage groups and users in a locally managed directory.

AWS Control Tower sets up a Log Archive AWS account to securely store logs such as AWS CloudTrail logs that record access to all AWS APIs across your AWS accounts and AWS Config logs that record all changes to AWS resources across your AWS accounts.
AWS Control Tower sets up a Log Archive AWS account to help securely store logs such as AWS CloudTrail logs that record access to all AWS APIs across your AWS accounts and AWS Config logs that record all changes to AWS resources across your AWS accounts.

## Standard AWS Control Tower Guardrails

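Review bot: inserting "help" hedges the storage clause but leaves the two stronger claims in the same sentence untouched: CloudTrail "record[s] access to all AWS APIs" and AWS Config "record[s] all changes to AWS resources". CloudTrail records management events by default and records data events (for example S3 object-level or Lambda invocation calls) only when they are explicitly enabled, and AWS Config records changes only for the resource types it supports. Suggest "AWS CloudTrail logs that record AWS API calls across your AWS accounts and AWS Config logs that record configuration changes to supported AWS resources across your AWS accounts" so readers do not assume the Log Archive account gives them complete coverage out of the box.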
4 changes: 2 additions & 2 deletions content/02-base/01-prepare-management-aws-account.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ This step should take about 20 minutes to create a new AWS management account an

## 1. Review the benefits of using multiple AWS accounts

AWS accounts are coarse grained resource containers that help you isolate and secure different collections of cloud resources and data. Use of multiple AWS accounts can make your use of cloud more secure by providing clear ownership and control boundaries and lowering the blast radius of any particular set of cloud resources.
AWS accounts are coarse grained resource containers that help you isolate and help secure different collections of cloud resources and data. Use of multiple AWS accounts can help make your use of cloud more secure by providing clear ownership and control boundaries and lowering the blast radius of any particular set of cloud resources.

In support of your initial need for team development environments, this guide first leads you through the process to create an initial set of foundation and builder team development AWS accounts. Later in the guide, you will create a series of test and production AWS accounts to isolate the formal test and production environments from your development environments.

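Review bot: "help you isolate and help secure different collections" doubles the verb; "help you isolate and secure different collections" carries the same hedge and reads cleanly. While this sentence is being edited, hyphenate "coarse-grained" as well. The second sentence's "can help make your use of cloud more secure" is fine as written.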
Expand Down Expand Up @@ -47,7 +47,7 @@ Visit [Create an AWS Account](https://portal.aws.amazon.com/billing/signup#/star
|Field|Description|Tips|
|-----|------------|---|
|**Email address**|A unique email address that identifies the AWS account and is the name of the AWS account root user.|Use the management AWS account [root user email address]({{< relref "02-obtain-email-addresses" >}}) that you already established. Since this email address is used to initially access your AWS account, be very careful that you enter the correct email address and that you have access to the email account.|
|**Password**|A password for the AWS account root user.|Ensure that you secure this value. In a later step, you'll have the option to enable Multi-factor Authentication (MFA) - a highly recommended approach to secure your AWS account.|
|**Password**|A password for the AWS account root user.|Ensure that you secure this value. In a later step, you'll have the option to enable Multi-factor Authentication (MFA) - a highly recommended approach to help secure your AWS account.|
|**AWS account name**|A brief identifier for the AWS account.|For example, **`management`**. This value does not have to be unique and can be modified later on.|

### Set personal or professional
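Review bot: "you'll have the option to enable Multi-factor Authentication (MFA)" paired with "a highly recommended approach" undersells a control the guide clearly intends for the root user; suggest "In a later step, you'll enable multi-factor authentication (MFA) on the root user, which is highly recommended to help secure your AWS account", keeping the hedge on the outcome (as this hunk already does) rather than on whether the step is taken.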
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Be sure that your Active Directory domain is configured with granular AD groups
* Some Granular Examples: AWS_Network_Administrators, AWS_SharedServices_Administrators, AWS_Master_BillingAdmins, AWS_Network_NetworkAdmins
* Some "overarching" Examples: AWS_GlobalAdministrators, AWS_GlobalNetworkAdmins, AWS_GlobalSecurityAdmins
* Considering creating new AD groups and permission sets for personas that don't come out of the box -- Developers, for example.
* Don't simply grant full Administrator to all users for an account. Taking the time to build out role-based access contributes to defense in depth, ensuring a more secure environment.
* Don't simply grant full Administrator to all users for an account. Taking the time to build out role-based access contributes to defense in depth, helping to secure your environment.

When you are ready to change AWS SSO over from the internal directory to Active Directory or a Third Party Identity Provider, take note of the implications of such a change **most notably** all existing entitlements will be lost -- so have your AD groups configured and your management account root username, password and MFA handy in case you are logged out. Alternatively you could use an IAM User in the management account as a backup. [Follow this guide](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-change.html) to switch your AWS SSO identity source.

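Review bot: the context bullet "Considering creating new AD groups and permission sets for personas that don't come out of the box" is a fragment; change "Considering" to "Consider" in this commit, since the same list is being edited. The changed bullet's "helping to secure your environment" reads fine. In the paragraph that follows, "take note of the implications of such a change **most notably** all existing entitlements will be lost" needs punctuation around the bold phrase (a colon after "change", or commas around "most notably") to be readable.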
