add absolute and relative links

Signed-off-by: Aaron Wislang <aaron.wislang@microsoft.com>

Author: asw101

modules/2-deploy-linux-postgresql-infrastructure.md

@@ -6,14 +6,14 @@ You're guided through the creation of the compute resources that host your appli
 
 There are multiple methods to deploy infrastructure in Azure, including the Azure portal, Azure CLI, and Infrastructure as Code templates including Bicep and Terraform.
 
-In this module, we show you how to deploy a preconfigured [Bicep](/azure/azure-resource-manager/bicep/overview?tabs=bicep) template that encapsulates the compute resources required for your application.
+In this module, we show you how to deploy a preconfigured [Bicep][docs-rel-1] template that encapsulates the compute resources required for your application.
 
 The key resources deployed are:
 
 - Virtual Machine (VM) running Linux (Ubuntu 24.04 LTS).
-- Azure Database for Postgres running [Postgres 16 or above](https://www.postgresql.org/download/).
-- A [Managed Identity](/entra/identity/managed-identities-azure-resources/overview) to enable secure access from the VM to the database.
-- [Role-Based Access Controls (RBAC)](/azure/role-based-access-control/overview) including roles to access the database as an administrator, and more restrictive roles for the application itself.
+- Azure Database for Postgres running [Postgres 16 or above][2].
+- A [Managed Identity][3] to enable secure access from the VM to the database.
+- [Role-Based Access Controls (RBAC)][docs-rel-4] including roles to access the database as an administrator, and more restrictive roles for the application itself.
 - A Virtual Network for both the VM and database.
 
 As this is a test/dev workload, and we're looking to keep things both cost-effective and performant, we've chosen the following configuration for you:
@@ -24,11 +24,11 @@ The database SKU is a General Purpose, D2ds_v4, 2 vCores, 8-GB RAM with 3200 max
 
 At the completion of the module, you delete these resources to save cost. However, you can also turn off the VM and database when not in use to save compute cost, and pay only for the storage used. This workload can also be scaled up as needed.
 
-The Bicep template in this module utilizes [Azure Verified Modules (AVM)](https://azure.github.io/Azure-Verified-Modules/) which is "an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like". Microsoft maintains these modules and they encapsulate many best practices for deploying resources in Azure. 
+The Bicep template in this module utilizes [Azure Verified Modules (AVM)][5] which is "an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like". Microsoft maintains these modules and they encapsulate many best practices for deploying resources in Azure. 
 
 ## Azure Subscription and Azure CLI 
 
-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
+If you don't have an Azure subscription, create a [free account][6] before you begin.
 
 This module requires Azure CLI version 2.0.30 or later. 
 
@@ -38,7 +38,7 @@ Find the version with the following command:
 az --version
 ```
 
-If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
+If you need to install or upgrade, see [Install Azure CLI][docs-rel-7].
 
 ## Sign in to Azure using the CLI
 
@@ -50,7 +50,7 @@ az login
 
 ## Create a resource group
 
-A resource group is a container for related resources. All resources must be placed in a resource group. The [az group create](/cli/azure/group) command creates a resource group.
+A resource group is a container for related resources. All resources must be placed in a resource group. The [az group create][docs-rel-8] command creates a resource group.
 
 ```bash
 az group create \
@@ -62,8 +62,8 @@ az group create \
 
 Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. In a Bicep file, you define the infrastructure you want to deploy to Azure, and then use that file throughout the development lifecycle to repeatedly deploy your infrastructure. Your resources are deployed in a consistent manner.
 
-The bicep file we're using to deploy the compute resources is located at [deploy/vm-postgres.bicep](https://github.com/Azure-Samples/linux-postgres-migration/blob/main/deploy/vm-postgres.bicep). It contains a Virtual Machine, a Virtual Network, a Managed Identity, a Network Security Group for the VM. You can read 
-more about Bicep on [What is Bicep?](/azure/azure-resource-manager/bicep/overview?tabs=bicep).
+The bicep file we're using to deploy the compute resources is located at [deploy/vm-postgres.bicep][9]. It contains a Virtual Machine, a Virtual Network, a Managed Identity, a Network Security Group for the VM. You can read 
+more about Bicep on [What is Bicep?][docs-rel-1].
 
 If you run this command on your local machine, first clone the example repo to your machine.
 
@@ -93,7 +93,7 @@ We can encode these roles and rules into our Bicep template we choose to use the
 
 ## Open the Resource Group in the Azure portal
 
-Open the Azure portal at [https://portal.azure.com](https://portal.azure.com).
+Open the Azure portal at [https://portal.azure.com][10].
 
 In the left-hand navigation pane, select **Resource groups**.
 
@@ -117,13 +117,13 @@ At the top of the page, select the breadcrumb link to return to the Resource Gro
 
 Note the `240900-linux-postgres-identity` User Assigned Managed Identity is listed in the Resource Group.
 
-You can learn more about System Assigned and User Assigned managed identities in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview#managed-identity-types).
+You can learn more about System Assigned and User Assigned managed identities in [What are managed identities for Azure resources?][11].
 
 ## Add an Inbound Security Rule to the Network Security Group
 
 Next you add an inbound security rule to allow SSH traffic from your current IP address to the Virtual Machine.
 
-In a production scenario, you would often use [just-in-time access](/azure/defender-for-cloud/just-in-time-access-usage), [Azure Bastion](/azure/bastion/bastion-overview), or a VPN (such as Azure or a mesh VPN) to secure your Virtual Machine. These security approaches allow you to restrict access to the Virtual Machine to only when needed.
+In a production scenario, you would often use [just-in-time access][docs-rel-12], [Azure Bastion][docs-rel-13], or a VPN (such as Azure or a mesh VPN) to secure your Virtual Machine. These security approaches allow you to restrict access to the Virtual Machine to only when needed.
 
 Now add an inbound security rule to the NSG to allow SSH traffic from your current IP address.
 
@@ -155,7 +155,7 @@ In the upcoming section you use the identity from the Virtual Machine to adminis
 
 In a production scenario, you would likely use a combination of Managed Identities, Microsoft Entra ID, and fine-grained Role-Based Access Control (RBAC) to enable your application workload to access data and manage resources in Azure securely, following the principle of least privilege.
 
-Read more about these scenarios via [Microsoft Entra authentication with Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/concepts-azure-ad-authentication) and [Use Microsoft Entra ID for authentication with Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication).
+Read more about these scenarios via [Microsoft Entra authentication with Azure Database for PostgreSQL - Flexible Server][docs-rel-14] and [Use Microsoft Entra ID for authentication with Azure Database for PostgreSQL - Flexible Server][docs-rel-15].
 
 ## Review the Azure Database for PostgreSQL Flexible Server Firewall Rules
 
@@ -173,7 +173,7 @@ In production, we would likely further isolate this server from the public inter
 
 Unlike the Virtual Machine, we haven't associated our Azure Database for PostgreSQL with any Virtual Network. This means we retain the option of accessing it over the public internet which is useful for test/dev scenarios. 
 
-To provide both security and flexibility, we enable access from the Virtual Machine via its Virtual Network using a private endpoint. The private endpoint allows the Virtual Machine to access the database without exposing it to the public internet. Read more about private endpoints in [Azure Database for PostgreSQL - Flexible Server networking with Private Link](/azure/postgresql/flexible-server/concepts-private-link).
+To provide both security and flexibility, we enable access from the Virtual Machine via its Virtual Network using a private endpoint. The private endpoint allows the Virtual Machine to access the database without exposing it to the public internet. Read more about private endpoints in [Azure Database for PostgreSQL - Flexible Server networking with Private Link][docs-rel-16].
 
 We use the Azure portal instead of Bicep to create the private endpoint for demonstration purposes.
 
@@ -222,16 +222,43 @@ At a later stage we will assign an additional role to the VM's managed identity
 Next you will explore and configure the deployed infrastructure.
 
 ## Resources
-- [Azure Verified Modules (AVM)](https://azure.github.io/Azure-Verified-Modules/)
-- [Install Azure CLI](/cli/azure/install-azure-cli)
-- [Bicep Documentation](/azure/azure-resource-manager/bicep/overview?tabs=bicep)
-- [Create a resource group using Azure CLI](/cli/azure/group)
-- [Azure Role-Based Access Controls (RBAC)](/azure/role-based-access-control/overview) 
-- [Azure Managed Identity](/entra/identity/managed-identities-azure-resources/overview)
-- [What is Bicep?](/azure/azure-resource-manager/bicep/overview?tabs=bicep)
-- [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview#managed-identity-types)
-- [Enable just-in-time access on VMs](/azure/defender-for-cloud/just-in-time-access-usage)
-- [What is Azure Bastion?](/azure/bastion/bastion-overview)
-- [Microsoft Entra authentication with Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/concepts-azure-ad-authentication)
-- [Use Microsoft Entra ID for authentication with Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication)
-- [Azure Database for PostgreSQL - Flexible Server networking with Private Link](/azure/postgresql/flexible-server/concepts-private-link)
+- [Azure Verified Modules (AVM)][5]
+- [Install Azure CLI][docs-rel-7]
+- [Bicep Documentation][docs-rel-1]
+- [Create a resource group using Azure CLI][docs-rel-8]
+- [Azure Role-Based Access Controls (RBAC)][docs-rel-4] 
+- [Azure Managed Identity][3]
+- [What is Bicep?][docs-rel-1]
+- [What are managed identities for Azure resources?][11]
+- [Enable just-in-time access on VMs][docs-rel-12]
+- [What is Azure Bastion?][docs-rel-13]
+- [Microsoft Entra authentication with Azure Database for PostgreSQL - Flexible Server][docs-rel-14]
+- [Use Microsoft Entra ID for authentication with Azure Database for PostgreSQL - Flexible Server][docs-rel-15]
+- [Azure Database for PostgreSQL - Flexible Server networking with Private Link][docs-rel-16]
+
+
+[docs-rel-1]: /azure/azure-resource-manager/bicep/overview?tabs=bicep
+[docs-abs-1]: https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview?tabs=bicep
+[2]: https://www.postgresql.org/download/
+[3]: /entra/identity/managed-identities-azure-resources/overview
+[docs-rel-4]: /azure/role-based-access-control/overview
+[docs-abs-4]: https://learn.microsoft.com/azure/role-based-access-control/overview
+[5]: https://azure.github.io/Azure-Verified-Modules/
+[6]: https://azure.microsoft.com/free/
+[docs-rel-7]: /cli/azure/install-azure-cli
+[docs-abs-7]: https://learn.microsoft.com/cli/azure/install-azure-cli
+[docs-rel-8]: /cli/azure/group
+[docs-abs-8]: https://learn.microsoft.com/cli/azure/group
+[9]: https://github.com/Azure-Samples/linux-postgres-migration/blob/main/deploy/vm-postgres.bicep
+[10]: https://portal.azure.com
+[11]: /entra/identity/managed-identities-azure-resources/overview#managed-identity-types
+[docs-rel-12]: /azure/defender-for-cloud/just-in-time-access-usage
+[docs-abs-12]: https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage
+[docs-rel-13]: /azure/bastion/bastion-overview
+[docs-abs-13]: https://learn.microsoft.com/azure/bastion/bastion-overview
+[docs-rel-14]: /azure/postgresql/flexible-server/concepts-azure-ad-authentication
+[docs-abs-14]: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-azure-ad-authentication
+[docs-rel-15]: /azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication
+[docs-abs-15]: https://learn.microsoft.com/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication
+[docs-rel-16]: /azure/postgresql/flexible-server/concepts-private-link
+[docs-abs-16]: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-private-link

modules/3-configure-linux-application-workload.md

@@ -5,7 +5,7 @@
 In this module, you will:
 
 - Configure a Linux application workload to connect to an Azure Database for PostgreSQL using a system-assigned managed identity.
-- Connect to the [Azure Virtual Machine using the Azure CLI](/azure/virtual-machines/linux/quick-create-cli). 
+- Connect to the [Azure Virtual Machine using the Azure CLI][docs-rel-1]. 
 - Install the necessary tools.
 - Connect to the PostgreSQL server using `psql`.
 - Clone the repository containing the sample application.
@@ -20,7 +20,7 @@ VM_ID=$(az vm show --resource-group 240900-linux-postgres --name vm-1 --query id
 
 ## Assign the 'Virtual Machine Administrator Login' role to the user for the VM
 
-You can read more about the Privileged role in Azure VMs on the [Azure built-in roles for Privileged](/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator).
+You can read more about the Privileged role in Azure VMs on the [Azure built-in roles for Privileged][docs-rel-2].
 
 ```bash
 az role assignment create \
@@ -197,7 +197,15 @@ exit
 ```
 
 ## Resources
-- [Sign in to a Linux virtual machine in Azure using Azure AD](/entra/identity/devices/howto-vm-sign-in-azure-ad-linux)
-- [Connect to an Azure Database for PostgreSQL server using a managed identity](/azure/postgresql/single-server/how-to-connect-with-managed-identity)
-- [Create a Linux virtual machine with the Azure CLI on Azure](/azure/virtual-machines/linux/quick-create-cli). 
-- [Azure built-in roles for Privileged](/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator).
+- [Sign in to a Linux virtual machine in Azure using Azure AD][3]
+- [Connect to an Azure Database for PostgreSQL server using a managed identity][docs-rel-4]
+- [Create a Linux virtual machine with the Azure CLI on Azure][docs-rel-1]. 
+- [Azure built-in roles for Privileged][docs-rel-2].
+
+[docs-rel-1]: /azure/virtual-machines/linux/quick-create-cli
+[docs-abs-1]: https://learn.microsoft.com/azure/virtual-machines/linux/quick-create-cli
+[docs-rel-2]: /azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator
+[docs-abs-2]: https://learn.microsoft.com/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator
+[3]: /entra/identity/devices/howto-vm-sign-in-azure-ad-linux
+[docs-rel-4]: /azure/postgresql/single-server/how-to-connect-with-managed-identity
+[docs-abs-4]: https://learn.microsoft.com/azure/postgresql/single-server/how-to-connect-with-managed-identity

modules/4-explore-run-linux-postgresql-workloads.md

@@ -394,5 +394,11 @@ az deployment group create \
 ```
 
 ## Resources
-- [Azure Blob Storage Documentation](/azure/storage/blobs/)
-- [Azure Role-Based Access Control (RBAC) Documentation](/azure/role-based-access-control/overview)
+- [Azure Blob Storage Documentation][docs-rel-1]
+- [Azure Role-Based Access Control (RBAC) Documentation][docs-rel-2]
+
+
+[docs-rel-1]: /azure/storage/blobs/
+[docs-abs-1]: https://learn.microsoft.com/azure/storage/blobs/
+[docs-rel-2]: /azure/role-based-access-control/overview
+[docs-abs-2]: https://learn.microsoft.com/azure/role-based-access-control/overview