WIP: add Cloud link to Azure topics (#2713)

* add Cloud link to Azure topics

WIP: 1st draft includes, tabs re: SSH key topics

adding more Azure Cloud content and SSH includes

copyedits

cloud azure, aws topics organization, videos

incorporated review comments

copyedits, colour-coded TBD's

copyedits to make create a swarm w/AWS and Azure consistent

updated links to use new titles

added SSH key setup to the Swarm overview list of links

updated link services titles

add ssh to glossary, note autoredeploy limitations

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* screen snaps, updates per latest on staging

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added link

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* resolved conflicts in TOC

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added Azure accept EULA/enable subscription, more steps, snaps

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* fixed the comments to not break numbering

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* new snaps and review comments incorporated from Alberto and Ryan

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added screen snaps, review comments, more steps

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added screen snaps, detail to Azure create swarm

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* new snap showing linked AWS as provider

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* AWS screen snaps and detailed steps

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* AWS swarm name rules clarification

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added x-refs to edition topics on config per reviews

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added connect screen snap w/production commands, AWS pricing

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added more code examples and clarification to swarm connect

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* added more code examples for Azure and AWS

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

_data/glossary.yaml

@@ -107,7 +107,7 @@ ENTRYPOINT: |
   of the command to be run. If you want your Dockerfile to be runnable without
   specifying additional arguments to the `docker run` command, you must specify
   either `ENTRYPOINT`, `CMD`, or both.
-  
+
   - If `ENTRYPOINT` is specified, it is set to a single command. Most official
     Docker images have an `ENTRYPOINT` of `/bin/sh` or `/bin/bash`. Even if you
     do not specify `ENTRYPOINT`, you may inherit it from the base image that you
@@ -184,7 +184,7 @@ namespace: |
   resource, including `net` (networking), `mnt` (storage), `pid` (processes), `uts` (hostname control),
   and `user` (UID mapping). For more information about namespaces, see [Docker run reference](/engine/reference/run.md)
   and [Introduction to user namespaces](https://success.docker.com/KBase/Introduction_to_User_Namespaces_in_Docker_Engine){ :target="_blank" class="_" }.
-  
+
 node: |
   A [node](/engine/swarm/how-swarm-mode-works/nodes/) is a physical or virtual
   machine running an instance of the Docker Engine in swarm mode.
@@ -213,6 +213,9 @@ repository: |
 
   Here is an example of the shared [nginx repository](https://hub.docker.com/_/nginx/)
   and its [tags](https://hub.docker.com/r/library/nginx/tags/).
+SSH: |
+  SSH (secure shell) is a secure protocol for accessing remote machines and applications. It
+  provides authentication and encrypts data communication over insecure networks such as the Internet. SSH uses public/private key pairs to authenticate logins.
 service: |
   A [service](/engine/swarm/how-swarm-mode-works/services/) is the definition of how
   you want to run your application containers in a swarm. At the most basic level
@@ -313,11 +316,10 @@ volume: |
 
   There are three types of volumes: *host, anonymous, and named*:
 
-  - A **host volume** lives on the Docker host's filesystem and can be accessed from within the container.  
+  - A **host volume** lives on the Docker host's filesystem and can be accessed from within the container.
 
   - A **named volume** is a volume which Docker manages where on disk the volume is created,
     but it is given a name.
 
   - An **anonymous volume** is similar to a named volume, however, it can be difficult, to refer to
     the same volume over time when it is an anonymous volumes. Docker handle where the files are stored.
-    

_data/toc.yaml

@@ -1269,13 +1269,19 @@ manuals:
       title: Using Swarm mode
     - path: /docker-cloud/cloud-swarm/register-swarms/
       title: Register existing swarms
-    - path: /docker-cloud/cloud-swarm/create-cloud-swarm/
-      title: Create a new swarm in Docker Cloud
+    - path: /docker-cloud/cloud-swarm/create-cloud-swarm-aws/
+      title: Create a new swarm on Amazon Web Services in Docker Cloud
+    - path: /docker-cloud/cloud-swarm/create-cloud-swarm-azure/
+      title: Create a new swarm on Microsoft Azure in Docker Cloud
     - path: /docker-cloud/cloud-swarm/connect-to-swarm/
       title: Connect to a swarm through Docker Cloud
     - path: /docker-cloud/cloud-swarm/link-aws-swarm/
-      title: Link to Amazon Web Services to create swarms
-  - sectiontitle: Manage infrastructure (standard mode)
+      title: Link Amazon Web Services to Docker Cloud
+    - path: /docker-cloud/cloud-swarm/link-azure-swarm/
+      title: Link Microsoft Azure Cloud Services to Docker Cloud
+    - path: /docker-cloud/cloud-swarm/ssh-key-setup/
+      title: Set up SSH keys
+  - sectiontitle: Manage Infrastructure (standard mode)
     section:
     - path: /docker-cloud/infrastructure/
       title: Infrastructure overview

_includes/content/cloud-swarm-overview.md

@@ -0,0 +1,9 @@
+You can now create _new_ Docker Swarms from within Docker Cloud as well as
+register existing swarms.
+
+When you create a swarm, Docker Cloud connects to the Cloud provider on your
+behalf, and uses the provider's APIs and a provider-specific template to launch
+Docker instances. The instances are then joined to a swarm and the swarm is
+configured using your input. When you access the swarm from Docker Cloud, the
+system forwards your commands directly to the Docker instances running in the
+swarm.

_includes/content/ssh/ssh-add-keys-to-agent.md

@@ -0,0 +1,92 @@
+
+<ul class="nav nav-tabs">
+  <li class="active"><a data-toggle="tab" data-target="#mac-add-keys" data-group="mac">Mac</a></li>
+  <li><a data-toggle="tab" data-target="#win-add-keys" data-group="win">Windows</a></li>
+  <li><a data-toggle="tab" data-target="#linux-add-keys" data-group="linux">Linux</a></li>
+</ul>
+<div class="tab-content">
+<div id="mac-add-keys" class="tab-pane fade in active">
+<br>
+{% capture mac-content-add %}
+1.  Start the `ssh-agent` in the background using the command `eval "$(ssh-agent -s)"`. You will get the agent process ID in return.
+
+    ```none
+    eval "$(ssh-agent -s)"
+    Agent pid 59566
+    ```
+
+2.  On macOS Sierra 10.12.2 or newer, modify your
+`~/.ssh/config` file to automatically load keys into the `ssh-agent` and store
+passphrases in your keychain.
+
+    ```none
+    Host *
+     AddKeysToAgent yes
+     UseKeychain yes
+     IdentityFile ~/.ssh/id_rsa
+    ```
+
+3.  Add your SSH private key to the ssh-agent, using the default macOS `ssh-add` command.
+
+    ```none
+    $ ssh-add -K ~/.ssh/id_rsa
+    ```
+
+    If you created your key with a different name or have an existing key
+    with  a different name, replace `id_rsa` in the command with the
+    name of your private key file.
+
+{% endcapture %}
+{{ mac-content-add | markdownify }}
+</div>
+
+<div id="win-add-keys" class="tab-pane fade">
+<br>
+{% capture win-content-add %}
+
+1.  Start the `ssh-agent` in the background.
+
+    ```none
+    eval "$(ssh-agent -s)"
+    Agent pid 59566
+    ```
+
+2.  Add your SSH private key to the ssh-agent.
+
+    ```none
+    $ ssh-add -K ~/.ssh/id_rsa
+    ```
+
+    If you created your key with a different name or have an existing key
+    with  a different name, replace `id_rsa` in the command with the
+    name of your private key file.
+
+{% endcapture %}
+{{ win-content-add | markdownify }}
+</div>
+
+<div id="linux-add-keys" class="tab-pane fade">
+<br>
+{% capture linux-content-add %}
+
+1.  Start the `ssh-agent` in the background.
+
+    ```none
+    eval "$(ssh-agent -s)"
+    Agent pid 59566
+    ```
+
+2.  Add your SSH private key to the ssh-agent.
+
+    ```none
+    $ ssh-add -K ~/.ssh/id_rsa
+    ```
+
+    If you created your key with a different name or have an existing key
+    with  a different name, replace `id_rsa` in the command with the
+    name of your private key file.
+
+{% endcapture %}
+{{ linux-content-add | markdownify }}
+</div>
+</div>

_includes/content/ssh/ssh-copy-key.md

@@ -0,0 +1,73 @@
+
+<ul class="nav nav-tabs">
+  <li class="active"><a data-toggle="tab" data-target="#mac-copy-keys" data-group="mac">Mac</a></li>
+  <li><a data-toggle="tab" data-target="#win-copy-keys" data-group="win">Windows</a></li>
+  <li><a data-toggle="tab" data-target="#linux-copy-keys" data-group="linux">Linux</a></li>
+</ul>
+<div class="tab-content">
+<div id="mac-copy-keys" class="tab-pane fade in active">
+<br>
+{% capture mac-content-copy %}
+
+Copy the public SSH key to your clipboard.
+
+```none
+$ pbcopy < ~/.ssh/id_rsa.pub
+```
+
+If your SSH key file has a different name than the example code, modify the
+filename to match your current setup.
+
+>**Tip:** If you don't have `pbcopy`, you navigate to the hidden `.ssh`
+folder, open the file in a text editor, and copy it to your clipboard.
+For example: `$ atom ~/.ssh/id_rsa.pub`
+
+{% endcapture %}
+{{ mac-content-copy | markdownify }}
+</div>
+
+<div id="win-copy-keys" class="tab-pane fade">
+<br>
+{% capture win-content-copy %}
+
+Copy the public SSH key to your clipboard.
+
+```none
+$ clip < ~/.ssh/id_rsa.pub
+```
+
+If your SSH key file has a different name than the example code, modify the
+filename to match your current setup.
+
+>**Tip:** If `clip` doesn't work, navigate the hidden `.ssh`
+folder, open the file in a text editor, and copy it to your clipboard.
+For example: `$ notepad ~/.ssh/id_rsa.pub`
+
+{% endcapture %}
+{{ win-content-copy | markdownify }}
+</div>
+
+<div id="linux-copy-keys" class="tab-pane fade">
+<br>
+{% capture linux-content-copy %}
+
+If you don't already have it, install `xclip`. (The example uses `apt-get` to install, but you might want to use another package installer like `yum`.)
+
+```none
+$ sudo apt-get install xclip
+```
+
+Copy the SSH key to your clipboard.
+
+```none
+$ xclip -sel clip < ~/.ssh/id_rsa.pub
+```
+
+>**Tip:** If you `xclip` isn't working, navigate to hidden `.ssh` folder,
+open the file in a text editor, and copy it to your clipboard.
+For example: `$ vi ~/.ssh/id_rsa.pub`
+
+{% endcapture %}
+{{ linux-content-copy | markdownify }}
+</div>
+</div>

_includes/content/ssh/ssh-find-keys.md

@@ -0,0 +1,118 @@
+
+<ul class="nav nav-tabs">
+  <li class="active"><a data-toggle="tab" data-target="#mac-find-keys" data-group="mac">Mac</a></li>
+  <li><a data-toggle="tab" data-target="#win-find-keys" data-group="win">Windows</a></li>
+  <li><a data-toggle="tab" data-target="#linux-find-keys" data-group="linux">Linux</a></li>
+</ul>
+<div class="tab-content">
+<div id="mac-find-keys" class="tab-pane fade in active">
+<br>
+{% capture mac-content-find %}
+
+1.  Open a command-line terminal.
+
+    ```none
+    $ ls -al ~/.ssh
+    ```
+
+    This lists files in your `.ssh` directory.
+
+2.  Check to see if you already have a SSH keys you can use.
+
+    Default file names for public keys are:
+
+    * id_dsa.pub
+    * id_ecdsa.pub
+    * id_ed25519.pub
+    * id_rsa.pub
+
+    Here are example results showing a public and private key pair with the default names:
+
+    ```none
+    drwx------   8 me  staff   272 Mar 27 14:04 .
+    drwxr-xr-x+ 69 me  staff  2346 Apr  7 10:03 ..
+    -rw-r--r--   1 me  staff   420 Mar 27 14:04 config
+    -rw-------   1 me  staff  3326 Mar 27 14:01 id_rsa
+    -rw-r--r--   1 me  staff   752 Mar 27 14:01 id_rsa.pub
+    ```
+
+    The file `id_rsa` contains the private key which resides on the local machine, and `id_rsa.pub` is the public key we can provide to a remote account.
+
+{% endcapture %}
+{{ mac-content-find | markdownify }}
+</div>
+
+<div id="win-find-keys" class="tab-pane fade">
+<br>
+{% capture win-content-find %}
+
+1.  Open Git Bash.
+
+    ```none
+    $ ls -al ~/.ssh
+    ```
+
+    This will list files in your `.ssh` directory.
+
+2.  Check to see if you already have SSH keys you can use.
+
+    Default file names for public keys are:
+
+    * id_dsa.pub
+    * id_ecdsa.pub
+    * id_ed25519.pub
+    * id_rsa.pub
+
+    Here are example results showing a public and private key pair with the default names:
+
+    ```none
+    drwx------   8 me  staff   272 Mar 27 14:04 .
+    drwxr-xr-x+ 69 me  staff  2346 Apr  7 10:03 ..
+    -rw-r--r--   1 me  staff   420 Mar 27 14:04 config
+    -rw-------   1 me  staff  3326 Mar 27 14:01 id_rsa
+    -rw-r--r--   1 me  staff   752 Mar 27 14:01 id_rsa.pub
+    ```
+
+    The file `id_rsa` contains the private key which resides on the local machine, and `id_rsa.pub` is the public key we can provide to a remote account.
+
+{% endcapture %}
+{{ win-content-find | markdownify }}
+</div>
+
+<div id="linux-find-keys" class="tab-pane fade">
+<br>
+{% capture linux-content-find %}
+
+1.  Open a command-line terminal.
+
+    ```none
+    $ ls -al ~/.ssh
+    ```
+
+    This will list files in your `.ssh` directory.
+
+2.  Check to see if you already have a SSH keys you can use.
+
+    Default file names for public keys are:
+
+    * id_dsa.pub
+    * id_ecdsa.pub
+    * id_ed25519.pub
+    * id_rsa.pub
+
+    Here are example results showing a public and private key pair with the default names:
+
+    ```none
+    drwx------   8 me  staff   272 Mar 27 14:04 .
+    drwxr-xr-x+ 69 me  staff  2346 Apr  7 10:03 ..
+    -rw-r--r--   1 me  staff   420 Mar 27 14:04 config
+    -rw-------   1 me  staff  3326 Mar 27 14:01 id_rsa
+    -rw-r--r--   1 me  staff   752 Mar 27 14:01 id_rsa.pub
+    ```
+
+    The file `id_rsa` contains the private key which resides on the local machine, and `id_rsa.pub` is the public key we can provide to a remote account.
+
+{% endcapture %}
+{{ linux-content-find | markdownify }}
+</div>
+</div>

_includes/content/ssh/ssh-gen-keys.md

@@ -0,0 +1,106 @@
+
+<ul class="nav nav-tabs">
+  <li class="active"><a data-toggle="tab" data-target="#mac-key-gen" data-group="mac">Mac</a></li>
+  <li><a data-toggle="tab" data-target="#win-key-gen" data-group="win">Windows</a></li>
+  <li><a data-toggle="tab" data-target="#linux-key-gen" data-group="linux">Linux</a></li>
+</ul>
+<div class="tab-content">
+<div id="mac-key-gen" class="tab-pane fade in active">
+<br>
+{% capture mac-content-gen %}
+1.  Open a command-line terminal.
+
+2.  Paste the text below, substituting in your GitHub email address.
+
+    ```none
+    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+    ```
+
+    This creates a new SSH key, using the provided email as a label.
+
+    ```none
+    Generating public/private rsa key pair.
+    ```
+
+3.  When prompted with "Enter a file in which to save the key", press the Return key (Enter) to accept the default location.
+
+    ```none
+    Enter a file in which to save the key (/Users/you/.ssh/id_rsa):
+    ```
+
+4.  At the prompt, type a secure passphrase, and re-enter as prompted.
+
+    ```none
+    Enter passphrase (empty for no passphrase):
+    Enter same passphrase again:
+    ```
+{% endcapture %}
+{{ mac-content-gen | markdownify }}
+</div>
+
+<div id="win-key-gen" class="tab-pane fade">
+<br>
+{% capture win-content-gen %}
+1.  Open Git Bash.
+
+2.  Paste the text below, substituting in your GitHub email address.
+
+    ```none
+    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+    ```
+
+    This creates a new SSH key, using the provided email as a label.
+
+    ```none
+    Generating public/private rsa key pair.
+    ```
+
+3.  When prompted with "Enter a file in which to save the key", press the Return key (Enter) to accept the default location.
+
+    ```none
+    Enter a file in which to save the key (c/Users/you/.ssh/id_rsa):
+    ```
+
+4.  At the prompt, type a secure passphrase, and re-enter as prompted.
+
+    ```none
+    Enter passphrase (empty for no passphrase):
+    Enter same passphrase again:
+    ```
+{% endcapture %}
+{{ win-content-gen | markdownify }}
+</div>
+
+<div id="linux-key-gen" class="tab-pane fade">
+<br>
+{% capture linux-content-gen %}
+1.  Open a command-line terminal.
+
+2.  Paste the text below, substituting in your GitHub email address.
+
+    ```none
+    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+    ```
+
+    This creates a new SSH key, using the provided email as a label.
+
+    ```none
+    Generating public/private rsa key pair.
+    ```
+
+3.  When prompted with "Enter a file in which to save the key", press the Return key (Enter) to accept the default location.
+
+    ```none
+    Enter a file in which to save the key (/home/you/.ssh/id_rsa):
+    ```
+
+4.  At the prompt, type a secure passphrase, and re-enter as prompted.
+
+    ```none
+    Enter passphrase (empty for no passphrase):
+    Enter same passphrase again:
+    ```
+{% endcapture %}
+{{ linux-content-gen | markdownify }}
+</div>
+</div>

_includes/content/ssh/ssh-overview.md

@@ -0,0 +1,14 @@
+[SSH](/engine/reference/glossary.md#ssh) is a secure protocol for accessing remote machines and applications. It
+provides authentication and encrypts data communication over insecure networks.
+
+These topics describe how to find existing SSH keys or generate new ones, and
+add the public key to your Docker Cloud account. GitHub has a good set of
+topics on [Connecting to GitHub with
+SSH](https://help.github.com/articles/connecting-to-github-with-ssh/), which you
+can tailor to SSH scenarios beyond GitHub, including Docker. The quick-look
+topics below are derived from that GitHub documentation.
+
+Commands for working with SSH keys are described for Mac, Windows, and Linux.
+The Windows steps suggest using [Git Bash](https://git-for-windows.github.io/) but you could also use a tool like
+[PuTTY](http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) or
+[Bitvise](https://www.bitvise.com/index).

docker-cloud/cloud-swarm/connect-to-swarm.md

@@ -11,21 +11,63 @@ local Docker instance, which connects to a manager node on the target swarm.
 
 ## Connect to a swarm
 
-1. Log in to Docker Cloud in your web browser.
-2. Click **Swarms** in the top navigation, and click the name of the swarm you want to connect to.
-3. Copy the command provided in the dialog that appears.
-4. In a terminal window connected to your local Docker Engine, paste the command, and press **Enter**.
+1.  Log in to Docker Cloud in your web browser.
+2.  Click **Swarms** in the top navigation, and click the name of the swarm you want to connect to.
+3.  Copy the command provided in the dialog that appears.
 
-    The local Docker Engine downloads a containerized Docker Cloud client tool, and connects to the swarm.
+    ![](images/swarm-connect.png)
 
-5. To complete the connection process, run the `export DOCKER_HOST` command found in the previous command's output, to connect your local shell to the client proxy.
+4.  In a terminal window connected to your local Docker Engine, paste the command, and press **Enter**.
 
-    Be sure to include the client connection port in the URL. For example `export DOCKER_HOST=tcp://127.0.0.1:32768`.
+    You will be asked to provide you Docker ID and password, then the local Docker Engine downloads a containerized Docker Cloud client tool, and connects to the swarm.
 
+    ```
+    $ docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client orangesnap/vote-swarm
+    Use your Docker ID credentials to authenticate:
+    Username: orangesnap
+    Password:
 
-To switch Docker hosts you can either run the `export` command again to overwrite it, or use `unset DOCKER_HOST`.
+    => You can now start using the swarm orangesnap/vote-swarm by executing:
+    	export DOCKER_HOST=tcp://127.0.0.1:32770
+```
 
-> **Note**: If you are using Docker Machine, be sure to unset `DOCKER_TLS_VERIFY` as described in the [known issues](https://github.com/moby/mobycloud-federation#known-issues).
+5.  To complete the connection process, run the `export DOCKER_HOST` command  as provided in the output of the previous command. This connects your local shell to the client proxy.
+
+    Be sure to include the given client connection port in the URL. For our example, the command is: `export DOCKER_HOST=tcp://127.0.0.1:32770`.
+
+    (If you are connecting to your first swarm, the _command:port_ is likely to be `export DOCKER_HOST=tcp://127.0.0.1:32768`.)
+
+6.  Now, you can run `docker node ls` to verify that the swarm is running.
+
+    Here is an example of `docker node ls` output for a swarm running one manager and two workers on **Amazon Web Services**.
+
+    ```
+    $ docker node ls
+    ID                            HOSTNAME                                      STATUS              AVAILABILITY        MANAGER STATUS
+    dhug6p7arwrm3a9j62zh0a0hf     ip-172-31-23-167.us-west-1.compute.internal   Ready               Active              
+    xmbxtffkrzaveqhyuouj0rxso     ip-172-31-4-109.us-west-1.compute.internal    Ready               Active              
+    yha4q9bleg80kvbn9tqgxd69g *   ip-172-31-24-61.us-west-1.compute.internal    Ready               Active              Leader
+    ```
+
+    Here is an example of `docker node ls` output for a swarm running one manager and two workers on **Microsoft Azure Cloud Services**.
+
+    ```
+    $ docker node ls
+    ID                            HOSTNAME              STATUS              AVAILABILITY        MANAGER STATUS
+    6uotpiv8vyxsjzdtux13nkvj4     swarm-worker000001    Ready               Active               
+    qmvk4swo9rdv1viu9t88dw0t3     swarm-worker000000    Ready               Active              
+    w7kgzzdkka0k2svssz1dk1fzw *   swarm-manager000000   Ready               Active              Leader
+    ```
+
+    From this point on, you can use the
+    [CLI commands](/engine/swarm/index.md#swarm-mode-cli-commands)
+    to manage your cloud-hosted [swarm mode](/engine/swarm/) just as you
+    would a local swarm.
+
+7.  Now that your swarm is set up, try out the example to [deploy a service to the swarm](/engine/swarm/swarm-tutorial/deploy-service/),
+and other subsequent tasks in the Swarm getting started tutorial.
+
+> **Note**: To switch back to Docker hosts you can either run the `export` command again to overwrite it, or use `unset DOCKER_HOST`. If you are using Docker Machine, be sure to unset `DOCKER_TLS_VERIFY` as described in the [known issues](https://github.com/moby/mobycloud-federation#known-issues).
 
 ## Reconnect a swarm
 

docker-cloud/cloud-swarm/create-cloud-swarm-aws.md

@@ -0,0 +1,111 @@
+---
+previewflag: cloud-swarm
+description: Create new swarms on AWS with Docker Cloud
+keywords: swarm mode, swarms, create swarm, Cloud, AWS
+title: Create a new swarm on Amazon Web Services in Docker Cloud
+---
+
+{% include content/cloud-swarm-overview.md %}
+
+## Link your service provider to Docker Cloud
+
+To create a swarm, you need to give Docker Cloud permission to deploy swarm
+nodes on your behalf in your cloud services provider account.
+
+If you haven't yet linked Docker Cloud to AWS, follow the steps in [Link Amazon Web Services to Docker Cloud](link-aws-swarm.md). Once it's
+linked, it will show up on the **Swarms -> Create** page as a connected service
+provider.
+
+![](images/aws-creds-cloud.png)
+
+## Create a swarm
+
+1. If necessary, log in to Docker Cloud and switch to Swarm Mode
+
+2. Click **Swarms** in the top navigation, then click **Create**.
+
+    Alternatively, you can select **+ -> Swarm** from the top navigation to get to the same page.
+
+3.  Enter a name for the new swarm.
+
+    Your Docker ID is pre-populated. In the example, our swarm name
+    is "vote-swarm".
+
+    ![](images/aws-create-swarm-1-name.png)
+
+    >**Tip:** For Docker Cloud, use all lower case letters for swarm names. No spaces, capitalized letters, or special characters other than `.`, `_`, or `-` are allowed. AWS does not accept underscores in the name `_`.
+
+4.  Select Amazon Web Services as the service provider, select a channel (`Stable` or `Edge`) from the drop-down menu, and provide an App name.
+
+    In this example, we'll use the `Stable` channel, and use "voting_app" as our application name.
+
+    ![](images/aws-create-swarm-0.png)
+
+5.  Select a **Region** from the drop-down menu.
+
+    > **Tip:** The SSH keys available to you in the next steps are
+    filtered by the region you select here. Make sure that you have
+    appropriate SSH keys available on the region you select.
+
+    Optionally, click **Region Advanced Settings** to configure a
+    [Virtual Private Cloud(VPC)](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html) on which to run this swarm.
+
+    ![](images/aws-create-swarm-3-region.png)
+
+    For guidance on setting up a VPC, see [Recommended VPC and subnet setup](https://docs.docker.com/docker-for-aws/faqs/#can-i-use-my-existing-vpc) in the Docker for AWS topics.
+
+6.  Choose how many swarm managers and swarm worker nodes to deploy.
+
+    Here, we create one manager and two worker nodes. (This maps nicely to the [Swarm tutorial setup](/engine/swarm/swarm-tutorial/index.md) and the [voting app sample in Docker Labs](https://github.com/docker/labs/blob/master/beginner/chapters/votingapp.md).)
+
+    ![](images/cloud-create-swarm-4-size.png)
+
+7.  Configure swarm properties.
+
+    ![](images/aws-create-swarm-5-properties.png)
+
+    * Select a public SSH key for Docker Cloud to use to connect to the
+    nodes on AWS. Public keys from the [key pairs you configured on AWS](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) are provided in the drop-down menu. Only keys associated with the
+    Region you selected (in step 5) are shown.
+
+    * Choose whether to provide daily resource cleanup.
+
+      Enabling this option helps to avoid charges for resources that you are no longer using. (See also, topics on [resource cleanup](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CleaningUp.html) in the AWS documentation.)
+
+    * Enable or disable Cloudwatch for container logging.
+
+      When enabled, Docker sends container logs to [Amazon Cloudwatch](https://aws.amazon.com/cloudwatch/), as described in the Docker for AWS topic on [Logging](/docker-for-aws/index.md#logging).
+
+7. Select the instance sizes for the managers, and for the workers.
+
+    ![](images/aws-create-swarm-6-manager-worker.png)
+
+    In general, the larger your swarm, the larger the instance sizes you should use. See the Docker for AWS topics for more on [resource configuration](/docker-for-aws/index.md#configuration).
+
+9. Click **Create**.
+
+    Docker for AWS bootstraps all of the recommended infrastructure to
+    start using Docker on AWS automatically. You don't need to worry
+    about rolling your own instances, security groups, or load balancers
+    when using Docker for AWS. (To learn more, see
+    [Why Docker for AWS](/docker-for-aws/why.md).)
+
+    This will take a few minutes. When the swarm is ready, its indicator on the Swarms page will show steady green.
+
+    ![](images/aws-create-swarm-7-list.png)
+
+    > **Note**: At this time, you cannot add nodes to a swarm from
+    within Docker Cloud. To add new nodes to an existing swarm,
+    log in to your AWS account, and add nodes manually. (You can
+    unregister or dissolve swarms directly from Docker Cloud.)
+
+## Where to go next
+
+Learn how to [connect to a swarm through Docker Cloud](connect-to-swarm.md).
+
+Learn how to [register existing swarms](register-swarms.md).
+
+You can get an overivew of topics on [swarms in Docker Cloud](index.md).
+
+To find out more about Docker swarm in general, see the Docker engine
+[Swarm Mode overview](/engine/swarm/).

docker-cloud/cloud-swarm/create-cloud-swarm-azure.md

@@ -0,0 +1,109 @@
+---
+previewflag: cloud-swarm
+description: Create new swarms on Azure with Docker Cloud
+keywords: swarm mode, swarms, create swarm, Cloud, Azure
+title: Create a new swarm on Microsoft Azure in Docker Cloud
+---
+
+{% include content/cloud-swarm-overview.md %}
+
+## Link Docker Cloud to your service provider
+
+To create a swarm, you need to give Docker Cloud permission to deploy swarm
+nodes on your behalf in your cloud services provider account.
+
+If you haven't yet linked Docker Cloud to Azure, follow the steps in [Link Microsoft Azure Cloud Services to Docker Cloud](link-azure-swarm/). Once it's
+linked, it will show up on the **Swarms -> Create** page as a connected service
+provider.
+
+![](images/azure-creds-cloud.png)
+
+## Create a swarm
+
+1.  If necessary, log in to Docker Cloud and switch to Swarm Mode
+
+2.  Click **Swarms** in the top navigation, then click **Create**.
+
+    Alternatively, you can select **+ -> Swarm** from the top navigation to
+    get to the same page.
+
+3.  Enter a name for the new swarm.
+
+    Your Docker ID is pre-populated. In the example, our swarm name
+    is "vote_swarm".
+
+    ![](images/azure-create-swarm-1-name.png)
+
+    >**Tip:** Use all lower case letters for swarm names. No spaces, capitalized letters, or special characters other than `.`, `_`, or `-` are allowed.
+
+4.  Select Microsoft Azure as the service provider, select a channel (`Stable` or `Edge`) from the drop-down menu, provide an App name, and select the Azure
+Subscription you want to use.
+
+    In this example, we'll use the `Stable` channel, our app name is "voting_app" and we've selected a Pay-As-You-Go subscription.
+
+    ![](images/azure-create-swarm-0.png)
+
+5.  Make sure that **Create new resource group** is selected, provide a name for the group, and select a location from the drop-down menu.
+
+    We'll call our example app "swarm_vote_resources", and choose a location in West US.
+
+    ![](images/azure-create-swarm-3-resource-group.png)
+
+    >**Tip:** Be sure to create a new resource group for a swarm. If you choose to use an existing group, the swarm will fail as Azure does not currently support this.
+
+6.  Choose how many swarm managers and worker nodes to deploy.
+
+    Here, we create one manager and two worker nodes. (This maps nicely to the [Swarm tutorial setup](/engine/swarm/swarm-tutorial/index.md) and the [voting app sample in Docker Labs](https://github.com/docker/labs/blob/master/beginner/chapters/votingapp.md).)
+
+    ![](images/cloud-create-swarm-4-size.png)
+
+8.  Configure swarm properties, SSH key and resource cleanup.
+
+    Copy-paste the public [SSH key](ssh-key-setup.md) you want to use to connect to the nodes. (Provide the one for which you have the private key locally.)
+
+    ![](images/azure-create-swarm-5-properties.png)
+
+    * To list existing SSH keys: `$ ls -al ~/.ssh`
+
+    * To copy the public SSH key to your clipboard: `$ pbcopy < ~/.ssh/id_rsa.pub`
+
+    Choose whether to provide daily resource cleanup. (Enabling this
+    option helps avoid charges for resources that you are no longer
+    using.)
+
+7.  Select the machine sizes for the managers, and for the workers.
+
+    ![](images/azure-create-swarm-6-manager-worker.png)
+
+    The larger your swarm, the larger the machine size you should use.
+    To learn more about resource setup, see [configuration options](/docker-for-azure/index.md#configuration) in the Docker
+    for Azure topics.
+
+    You can find Microsoft Azure Linux Virtual Machine pricing and options  [here](https://azure.microsoft.com/en-us/pricing/details/virtual-machines/linux/).
+
+9.  Click **Create**.
+
+    Docker for Azure bootstraps all of the recommended infrastructure to start
+    using Docker on Azure automatically. You don’t need to worry about rolling
+    your own instances, security groups, or load balancers when using Docker for
+    Azure. (To learn more, see [Why Docker for Azure](/docker-for-azure/why.md).)
+
+    This will take a few minutes. When the swarm is ready, its indicator on the Swarms page will show steady green.
+
+    ![](images/azure-create-swarm-7-list.png)
+
+    > **Note**: At this time, you cannot add nodes to a swarm from
+    within Docker Cloud. To add new nodes to an existing swarm,
+    log in to your AWS account, and add nodes manually. (You can
+    unregister or dissolve swarms directly from Docker Cloud.)
+
+## Where to go next
+
+Learn how to [connect to a swarm through Docker Cloud](connect-to-swarm.md).
+
+Learn how to [register existing swarms](register-swarms.md).
+
+You can get an overivew of topics on [swarms in Docker Cloud](index.md).
+
+To find out more about Docker swarm in general, see the Docker engine
+[Swarm Mode overview](/engine/swarm/).

docker-cloud/cloud-swarm/create-cloud-swarm.md

@@ -1,56 +0,0 @@
----
-previewflag: cloud-swarm
-description: Create new swarms in Docker Cloud
-keywords: swarm mode, swarms, create swarm, Cloud
-title: Create a new swarm in Docker Cloud
----
-
-You can now create _new_ Docker Swarms from within Docker Cloud as well as
-register existing swarms.
-
-When you create a swarm, Docker Cloud connects to the provider on your behalf,
-and uses the provider's APIs and a provider-specific template to launch Docker
-instances. The instances are then joined to a swarm and the swarm is configured
-using your input. When you access the swarm from Docker Cloud, the system
-forwards your commands directly to the Docker instances running in the swarm.
-
-> **Note**: The Create Swarm functionality is only available for AWS at this time. Additional provider support is coming soon.
-
-## Create a swarm
-
-> **Note**: To create a swarm, you need to give Docker Cloud permission to deploy swarm nodes on your behalf in your cloud services provider account. See the [AWS with swarm instructions](link-aws-swarm.md) to learn more.
-
-1. If necessary, log in to Docker Cloud and switch to Swarm Mode.
-2. Click Swarms in the top navigation.
-3. Click **Create**.
-4. Enter a name for the new swarm.
-5. Select a connected cloud services provider.
-
-    Additional options appear depending on which provider you select.
-
-6. Enter any additional provider-specific information, such as region.
-
-    > **Note**: The SSH keys that appear in this wizard are filtered by the region you select. Ensure that you have appropriate SSH keys available on the region you select.
-
-7. Choose how many swarm managers and swarm worker nodes to deploy.
-8. Select the instance sizes for the managers, and for the workers.
-9. Select the SSH key to use to connect to the nodes.
-
-    The list contains any SSH keys that you have access to on your linked cloud services provider. Select the one for which you have the private key locally.
-
-10. Click **Create**.
-
-Docker Cloud connects to your AWS account, deploys Docker for AWS instances, forms a Swarm, and joins the instances to it.
-
-> **Note**: At this time, you cannot dissolve swarms or delete swarm nodes from within Docker Cloud - you can only unregister the swarm from the Docker Cloud UI. To delete the swarm and its members, log in to your AWS account and delete them manually.
-
-## Where to go next
-
-Learn how to [connect to a swarm through Docker Cloud](connect-to-swarm.md).
-
-Learn how to [register existing swarms](register-swarms.md).
-
-You can get an overview of topics on [swarms in Docker Cloud](index.md).
-
-To find out more about Docker swarm in general, see the Docker engine
-[Swarm Mode overview](/engine/swarm/).

docker-cloud/cloud-swarm/index.md

@@ -2,6 +2,8 @@
 previewflag: cloud-swarm
 description: Work with swarms in Docker Cloud
 keywords: swarm mode, swarms, orchestration Cloud, fleet management
+redirect_from:
+- /docker-cloud/cloud-swarm/create-cloud-swarm/
 title: Swarms in Docker Cloud (Beta)
 notoc: true
 ---
@@ -22,8 +24,14 @@ personal or team swarms.
 
 * [Register existing swarms](register-swarms.md)
 
-* [Create a new swarm in Docker Cloud](create-cloud-swarm.md)
+* [Create a new swarm on AWS in Docker Cloud](create-cloud-swarm-aws.md)
+
+* [Create a new swarm on Microsoft Azure in Docker Cloud](create-cloud-swarm-azure.md)
 
 * [Connect to a swarm through Docker Cloud](connect-to-swarm.md)
 
-* [Link to Amazon Web Services to create Swarms](link-aws-swarm.md)
+* [Link Amazon Web Services to Docker Cloud](link-aws-swarm.md)
+
+* [Link Microsoft Azure Cloud Services to Docker Cloud](link-azure-swarm.md)
+
+* [Set up SSH keys](ssh-key-setup.md)

docker-cloud/cloud-swarm/link-aws-swarm.md

@@ -2,7 +2,7 @@
 previewflag: cloud-swarm
 description: Link your Amazon Web Services account
 keywords: AWS, Cloud, link
-title: Link to Amazon Web Services to create Swarms
+title: Link Amazon Web Services to Docker Cloud
 ---
 
 You can create a role with AWS IAM (Identity and Access Management) so that
@@ -45,7 +45,7 @@ the new policy to your existing role by following the instructions
 
     AWS IAM creates the new role and returns you to the **Roles** list.
 
-9. Click the name of the role you just created to view its details.
+9.  Click the name of the role you just created to view its details.
 10. On the **Permissions** tab, click the carat icon next to **Inline Policies** to expand the section.
 11. In the **Inline Policies** section, click the link to create a policy.
 12. On the next page, click **Custom Policy** and click **Select**.
@@ -60,46 +60,44 @@ the new policy to your existing role by following the instructions
 
 If you already have your AWS account connected to Docker Cloud and used the legacy node cluster functionality you will need to create and attach a new policy, and re-link your account.
 
-1. Go to the AWS IAM Roles list at  <a href="https://console.aws.amazon.com/iam/home#roles">https://console.aws.amazon.com/iam/home#roles</a>.
-2. Click your existing version of the `dockercloud-role`.
-3. On the **Permissions** tab, click the carat icon next to **Inline Policies** to expand the section.
-4. Click the link in the **Inline Policies** section to create a policy.
-5. On the next page, click **Custom Policy** and click **Select**.
-6. On the **Policy Editor** page that appears, give the policy a name like `dockercloud-swarm-policy`.
-7. In the **Policy Document** section, copy and paste the policy document found in the [Docker for AWS page](/docker-for-aws/iam-permissions/).
-8. Click **Create Policy**.
-9. Select and copy the **Role ARN** on the role screen.
+1.  Go to the AWS IAM Roles list at  <a href="https://console.aws.amazon.com/iam/home#roles">https://console.aws.amazon.com/iam/home#roles</a>.
+2.  Click your existing version of the `dockercloud-role`.
+3.  On the **Permissions** tab, click the carat icon next to **Inline Policies** to expand the section.
+4.  Click the link in the **Inline Policies** section to create a policy.
+5.  On the next page, click **Custom Policy** and click **Select**.
+6.  On the **Policy Editor** page that appears, give the policy a name like `dockercloud-swarm-policy`.
+7.  In the **Policy Document** section, copy and paste the policy document found in the [Docker for AWS page](/docker-for-aws/iam-permissions/).
+8.  Click **Create Policy**.
+9.  Select and copy the **Role ARN** on the role screen.
     It shouldn't have changed, but you'll use it to re-link your account.
 
 Because you edited the role's permissions, you need to re-link to your account.
 Back in Docker Cloud, click the account menu and select **Cloud Settings**, and
-in the **Cloud providers** section, click the green plug icon to unlink your AWS
-account.
+in the **Service providers** section, click the green plug icon to unlink your
+AWS account.
 
-Then follow the instructions [below](#add-aws-account-credentials-to-docker-cloud) to re-link your account.
+Then follow the instructions below to re-link your account.
 
-## Add AWS account credentials to Docker Cloud
+## Add your AWS account credentials to Docker Cloud
 
 Once you've created the a `dockercloud-swarm-policy`, added the
 `dockercloud-swarm-role` inline, and have the role's Role ARN, go back to Docker
 Cloud to connect the account.
 
-1. In Docker Cloud, click the account menu at upper right and select **Cloud settings**.
-2. In the **Cloud Providers** section, click the plug icon next to Amazon Web Services.
-3. Enter the full `Role ARN` for the role you just created.
-4. Click **Save**.
+1.  In Docker Cloud, click the account menu at upper right and select **Cloud settings**.
+2.  In the **Service providers** section, click the plug icon next to Amazon Web Services.
+
+    ![](images/aws-arn-wizard.png)
+
+3.  Enter the full `Role ARN` for the role you just created.
+4.  Click **Save**.
+
+    ![](images/aws-creds-cloud.png)
 
 You're now ready to deploy a swarm!
 
 ## Where to go next
 
-For next steps, see [create a new swarm in Docker Cloud](create-cloud-swarm.md).
+**Ready to create swarms on AWS?** See [Create a new swarm on Amazon Web Services in Docker Cloud](create-cloud-swarm-aws.md).
 
-You can get an overview of topics on [swarms in Docker Cloud](index.md).
-
-<!-- TODO: Commenting out until this replaces the existing ../infrastructure/link-aws file.
-
-## What's next?
-
-You're ready to start using AWS as the infrastructure provider for swarms in
-Docker Cloud! If you came here from the tutorial, click here to [continue the tutorial and deploy your first node](/docker-cloud/getting-started/your_first_node.md).-->
+You can get an overivew of topics on [swarms in Docker Cloud](index.md).

docker-cloud/cloud-swarm/link-azure-swarm.md

@@ -0,0 +1,90 @@
+---
+previewflag: cloud-swarm
+description: Link your Microsoft Azure account
+keywords: Azure, Cloud, link
+title: Link Microsoft Azure Cloud Services to Docker Cloud
+---
+
+You can link your [Microsoft Azure Cloud Services](https://portal.azure.com/) account so that Docker Cloud can provision and
+manage swarms on your behalf.
+
+For this, you will need an SSH key and your Azure subscription ID to authenticate Docker to your service provider. Also, you need to enable your Azure subscription on behalf of Docker Cloud.
+
+## Create or locate the SSH key you want to use
+
+When you are ready to create and deploy swarms, you must have an [SSH](`/engine/reference/glossary.md#ssh`) key to authenticate Docker Cloud to your Azure account. See the topic [Set up SSH keys](/docker-cloud/cloud-swarm/ssh-key-setup.md) to learn how to check for existing keys or set up a new one, and copy the public key.
+
+## Find your Azure subscription ID
+
+You will also need your Azure Cloud Services subscription ID to provide to
+Docker Cloud. There are a few ways to navigate to it on Azure.
+
+You can click a resource from the Dashboard and find the subscription ID under
+"Essentials" on the resulting display. Alternatively, from the left menu, go to
+**Billing -> Subscriptions -> Subscription ID** or simply click
+**Subscriptions**, then click a subscription in the list to drill down.
+
+![](images/azure-subscription-id.png)
+
+When you are ready to add your subscription ID to Docker Cloud,
+copy it from your Azure Dashboard.
+
+## Add your Azure account credentials to Docker Cloud
+
+Go to Docker Cloud to connect the account.
+
+1. In Docker Cloud, click the account menu at upper right and select **Cloud settings**.
+2. In the **Service Providers** section, click the plug icon next to Microsoft Azure.
+
+    ![](images/azure-id-wizard.png)
+
+3. Provide your subscription ID.
+
+    You will be redirected to [Azure Cloud Services](portal.azure.com).
+
+4. Log in to your Azure account.
+
+5. Click **Accept** to grant Docker Cloud access to your Microsoft Azure account.
+
+    ![](images/azure-permissions.png)
+
+6. Your Microsoft Azure login credentials will automatically populate to
+Docker Cloud under **Service Providers -> Microsoft Azure**.
+
+    ![](images/azure-creds-cloud.png)
+
+7. Click **Save**.
+
+## Enable your Azure subscription for Docker Cloud
+
+You need to verify Microsoft Azure terms of use and manually enable your Azure subscription on behalf of Docker Cloud.
+
+1.  Go to the [Microsoft Azure Marketplace](https://portal.azure.com/#blade/Microsoft_Azure_Marketplace/GalleryFeaturedMenuItemBlade/selectedMenuItemId/home) and search for **Docker**, or specifically **Docker for Azure CE**.
+
+    ![](images/azure-eula-1-marketplace.png)
+
+2. Select **Docker for Azure CE** and click the option on the lower right to deploy programmatically.
+
+    ![](images/azure-eula-2-deploy-vm.png)
+
+3. Read the terms of use, click **Enable** for your subscription, and click **Save**.
+
+    ![](images/azure-eula-3-enable-subscription.png)
+
+4. Verify that your subscription is enabled.
+
+    Go to **Dashboard -> Subscriptions** to view details on your current subscriptions. Docker for Azure CE should be listed as enabled Programmatic deployment.
+
+    ![](images/azure-eula-4-verify.png)
+
+You're now ready to deploy a swarm!
+
+## Where to go next
+
+**Ready to create swarms on Azure?** See [Create a new swarm on Microsoft Azure in Docker Cloud](create-cloud-swarm-azure.md).
+
+You'll need an SSH key to provide to Docker Cloud during the swarm create
+process. If you haven't done so yet, check out how to [Set up SSH
+keys](ssh-key-setup.md).
+
+You can get an overivew of topics on [swarms in Docker Cloud](index.md).

docker-cloud/cloud-swarm/ssh-key-setup.md

@@ -0,0 +1,53 @@
+---
+previewflag: cloud-swarm
+description: How to set up SSH keys
+keywords: Cloud, SSH keys, Azure, link
+title: Set up SSH keys
+---
+
+You can link your Cloud and Service providers so that Docker Cloud can provision and manage swarms on your behalf. For this, you will need an SSH key to authenticate Docker to your provider.
+
+## About SSH
+
+{% include content/ssh/ssh-overview.md %}
+
+## Check for existing SSH keys
+
+You may not need to generate a new SSH key if you have an existing key that you
+want to reuse.
+
+{% include content/ssh/ssh-find-keys.md %}
+
+If you find an existing key you want to use, skip to the topic that describes
+how to [copy your public key for use with Docker
+Cloud](#copy-your-public-key-for-use-with-docker-cloud).
+
+Otherwise, [create a new SSH
+key](#create-a-new-ssh-key-for-use-by-docker-cloud).
+
+## Create a new SSH key
+
+{% include content/ssh/ssh-gen-keys.md %}
+
+## Add your key to the ssh-agent
+
+{% include content/ssh/ssh-add-keys-to-agent.md %}
+
+## Copy your public key for use with Docker Cloud
+
+You will need your SSH public key to provide to Docker Cloud. When you are ready
+to add it, you can copy the public key as follows.
+
+{% include content/ssh/ssh-copy-key.md %}
+
+## Related topics
+
+* [Swarms in Docker Cloud](index.md)
+
+* [Link to Docker Cloud to Amazon Web Services](link-aws-swarm.md)
+
+* [Link Docker Cloud to Microsoft Azure Cloud Services](link-azure-swarm.md)
+
+* [Create a new swarm on Microsoft Azure in Docker Cloud](create-cloud-swarm-azure.md)
+
+* [Create a new swarm on AWS in Docker Cloud](create-cloud-swarm-azure.md)

docker-cloud/infrastructure/link-aws.md

@@ -11,9 +11,16 @@ title: Link an Amazon Web Services account
 >
 > This topic has been superseded by [the AWS instructions that enable swarm mode](/docker-cloud/cloud-swarm/link-aws-swarm/).
 
-You can create a role with AWS IAM (Identity and Access Management) so that Docker Cloud can provision and manage **node clusters** and **nodes** on your behalf.
+You can create a role with AWS IAM (Identity and Access Management) so that
+Docker Cloud can provision and manage **node clusters** and **nodes** on your
+behalf.
 
-[Previously](https://docs.docker.com/v1.11/docker-cloud/infrastructure/link-aws/), we recommended that you create a service user that Docker Cloud would use to access your AWS account. If you previously used this method, you can [create a new role](link-aws.md#acreate-a-dockercloud-role-role), attach the policy you created previously, unlink your AWS credentials and relink them using the new ARN method. You can then delete the `dockercloud-user`.
+[Previously](https://docs.docker.com/v1.11/docker-cloud/infrastructure/link-aws),we recommended that you create a service user that Docker Cloud would use
+to access your AWS account. If you used this method, you can [create a new
+role](link-aws.md#create-a-dockercloud-role-role), attach the policy you created
+for this purpose (see <a href="https://console.aws.amazon.com/iam/home#policies"
+target ="_blank">AWS polices</a>), unlink your AWS credentials and relink them
+using the new ARN method. You can then delete the `dockercloud-user` on AWS.
 
 ## Create a dockercloud-policy
 
@@ -47,7 +54,7 @@ Create an access control policy that will grant specific privileges to Docker Cl
     `iam:ListInstanceProfiles` allows the user to retrieve instance profiles to apply to your nodes.
 
     > **Note**: You cannot use an instance profile that has more permissions than the IAM user you are using with Docker Cloud. If you do that, you will get an "unauthorized operation" error. You can fix this issue by adding the `"Action":"iam:PassRole"` permission to the policy for the service user. You can read more about this <a href="http://blogs.aws.amazon.com/security/post/Tx3M0IFB5XBOCQX/Granting-Permission-to-Launch-EC2-Instances-with-IAM-Roles-PassRole-Permission" target="_blank">here</a>.
-    
+
 6.  Click **Validate Policy**.
 7.  If the validation is successful click **Create Policy**.