[v17] Address 67 Vale warnings (#52743)

Backports #52511

- Fix "Auth Service" variations.
- Fix some AWS product naming violations.
- Ignore some false positives.
- Fix capitalization warnings.
- Address warnings re: outdated product names.

Some of the warning categories above include auto-generated pages. This
change does not touch the generators in order to simplify things.

docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx

@@ -421,7 +421,7 @@ the host where you have Helm installed, create a file called
 
 ```yaml
 teleport:
-  address: ""                 # Teleport Auth Server GRPC API address
+  address: ""                 # Teleport Auth Service GRPC API address
   identitySecretName: ""      # Identity secret name
   identitySecretPath: ""      # Identity secret path
 

docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx

@@ -57,7 +57,7 @@ Please replace them with values appropriate for your environment.
 ### Compute Engine: VM Instances with Instance Groups
 
 We recommend using `n1-standard-2` instances in production. It's best to separate
-Teleport's Proxy Servers and Auth Servers using instance groups for each.
+Teleport Proxy Service and Auth Service instances using instance groups for each.
 
 ### Compute Engine: Health Checks
 
@@ -70,7 +70,7 @@ see  [Admin Guide: Troubleshooting](../../management/admin/troubleshooting.mdx)
 ### Storage: Cloud Firestore
 
 The [Firestore](https://cloud.google.com/firestore/) backend uses real-time
-updates to keep individual Auth Servers in sync, and requires Firestore configured
+updates to keep individual Auth Service instances in sync, and requires Firestore configured
 in native mode.
 
 To configure Teleport to store audit events in Firestore, add the following to
@@ -166,8 +166,8 @@ service account.
 
 ```code
 $ gcloud iam service-accounts create teleport-auth-server \
-    --description="Service account for Teleport Auth Server" \
-    --display-name="Teleport Auth Server" \
+    --description="Service account for Teleport Auth Service" \
+    --display-name="Teleport Auth Service" \
     --format=yaml
 ```
 
@@ -226,7 +226,7 @@ automatically include the `systemd` configuration.
 
 ```yaml
 #
-# Sample Teleport configuration teleport.yaml file for Auth Server
+# Sample Teleport configuration teleport.yaml file for Auth Service
 #
 teleport:
   nodename: teleport-auth-server
@@ -261,7 +261,7 @@ automatically include the `systemd` configuration.
 
 ```yaml
 #
-# Sample Teleport configuration teleport.yaml file for Auth Server
+# Sample Teleport configuration teleport.yaml file for Auth Service
 #
 teleport:
   nodename: teleport-auth-server
@@ -292,7 +292,7 @@ ssh_service:
 
 (!docs/pages/includes/enterprise/obtainlicense.mdx!)
 
-Save your license file on the Auth Servers at the path,
+Save your license file on the Auth Service instances at the path,
 `/var/lib/teleport/license.pem`.
 	</TabItem>
 </Tabs>

docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx

@@ -39,7 +39,7 @@ learn more.
 
 Each Teleport Auth Service instance will need to be configured to use a GCP key
 ring which will hold all keys generated and used by that Auth Service instance.
-If running a High-Availability Teleport cluster with two or more Auth Servers,
+If running a High-Availability Teleport cluster with two or more Auth Service instances,
 every Auth Service instance can be configured to use the same key ring, or if
 desired each can be configured to use a unique key ring in a different region
 (for redundancy or to decrease latency).
@@ -48,7 +48,7 @@ It is recommended to create a dedicated key ring for use by Teleport to logicall
 separate it from any other keys in your cloud account.
 Choose a supported
 [KMS location](https://cloud.google.com/kms/docs/locations)
-for the key ring which is geographically near to your Teleport Auth Servers.
+for the key ring which is geographically near to your Teleport Auth Service instances.
 
 You can create a key ring from the Google Cloud Console or from the `gcloud` CLI
 tool. Follow
@@ -100,8 +100,8 @@ service account.
 
 ```code
 $ gcloud iam service-accounts create teleport-auth-server \
-    --description="Service account for Teleport Auth Server" \
-    --display-name="Teleport Auth Server" \
+    --description="Service account for Teleport Auth Service" \
+    --display-name="Teleport Auth Service" \
     --format=yaml
 ```
 

docs/pages/admin-guides/infrastructure-as-code/terraform-provider/ci-or-cloud.mdx

@@ -372,7 +372,7 @@ terraform-job:
       # Teleport cluster. This is not necessarily the address of your Teleport
       # cluster and will not include a port or scheme (http/https)
       #
-      # This helps the Teleport Auth Server know that the token is intended for
+      # This helps the Teleport Auth Service know that the token is intended for
       # it, and not a different service or Teleport cluster.
       aud: "<Var name="teleport.example.com"/>"
   script:

docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx

@@ -114,7 +114,7 @@ terraform {
 }
 
 provider "teleport" {
-  # Replace with the address of your Teleport Proxy or Auth Server.
+  # Replace with the address of your Teleport Proxy or Auth Service.
   addr               = "teleport.example.com:443"
   # Replace with the directory configured in the identity output in the
   # previous step.

docs/pages/connect-your-client/introduction.mdx

@@ -238,7 +238,7 @@ Or you can upload using drag and drop:
 </TabItem>
 </Tabs>
 
-### Database Access
+### Database access
 
 <Tabs>
 <TabItem label="tsh">
@@ -345,6 +345,5 @@ either directly or through proxy tunnels.
   Teleport. You use it to connect to servers, databases, and Kubernetes
   clusters. See [Using Teleport Connect](./teleport-connect.mdx).
 
-{/*lint ignore messaging for page title*/}
-- [Database Access GUI Clients](./gui-clients.mdx) details
-how to connect many popular database GUI clients through Teleport.
+- [Access Teleport-protected databases with GUI clients](./gui-clients.mdx):
+  Details how to connect many popular database GUI clients through Teleport.

docs/pages/connect-your-client/notifications.mdx

@@ -14,7 +14,7 @@ In the Web UI, you can list all your notifications by clicking on the bell icon
 Clicking on a notification will redirect you to the relevant page, or in the case of a custom notification generated by an administrator, open a dialog containing its text content.
 You can mark the notification as read to acknowledge it, or hide it to have it never be shown to you again.
 
-Some notifications may include quick action buttons which allow you perform actions directly from the notification, such as assuming granted roles from an approved access request notification.
+Some notifications may include quick action buttons which allow you perform actions directly from the notification, such as assuming granted roles from an approved Access Request notification.
 
 ![Notification in the WebUI](../../img/notification.png)
 

docs/pages/connect-your-client/teleport-connect.mdx

@@ -71,7 +71,7 @@ The top bar of Teleport Connect consists of:
   trusted clusters and there are leaf clusters connected to the root cluster. It lets you browse
   leaf cluster resources. Also, the "Open new terminal" action will bind new terminal tabs to the selected cluster.
 - The **additional actions menu** (to the left of the profile selector), containing options such as
-  opening a config file or creating an access request in an Enterprise cluster.
+  opening a config file or creating an Access Request in an Enterprise cluster.
 
 The **status bar** at the bottom displays **cluster breadcrumbs** in the bottom left, indicating
 which cluster the current tab is bound to, and the **Share Feedback** button in the bottom right.
@@ -165,7 +165,7 @@ with that command executed.
 Teleport Connect supports launching applications in the browser, as well as creating
 authenticated tunnels for web and TCP applications.
 
-When it comes to [cloud APIs secured with Application Access](../enroll-resources/application-access/cloud-apis/cloud-apis.mdx),
+When it comes to [cloud APIs secured with Teleport](../enroll-resources/application-access/cloud-apis/cloud-apis.mdx),
 Teleport Connect supports launching the AWS console in the browser, but other CLI applications can
 be used only through tsh in [a local terminal tab](#opening-a-local-terminal).
 

docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx

@@ -238,7 +238,9 @@ namespace "teleport-agent" deleted
 
 ## Going further
 
+{/* vale messaging.protocol-products = NO */}
 - The possible values for `teleport-kube-agent` chart are documented
   [in its reference](../../../reference/helm-reference/teleport-kube-agent.mdx).
 - See [Application Access Guides](../../application-access/guides/guides.mdx)
 - See [Database Access Guides](../../database-access/guides/guides.mdx)
+{/* vale messaging.protocol-products = YES */}

docs/pages/enroll-resources/application-access/guides/amazon-athena.mdx

@@ -51,7 +51,9 @@ connecting to your Athena database.
 
 ### Using AWS CLI
 
+{/* vale 3rd-party-products.aws-vs-amazon = NO */}
 (!docs/pages/includes/application-access/aws-database-access-cli.mdx iam-role="ExampleTeleportAthenaRole" tsh-example="tsh aws athena list-work-groups"!)
+{/* vale 3rd-party-products.aws-vs-amazon = YES */}
 
 ### Using other Athena applications
 
@@ -192,5 +194,5 @@ $ tsh apps logout aws
 ```
 
 ## Next steps
-- More information on [AWS Management and API with Teleport Application Access](../../application-access/cloud-apis/aws-console.mdx).
+- More information on [AWS Management Console and API access with Teleport](../../application-access/cloud-apis/aws-console.mdx).
 - Learn more about [AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html).

docs/pages/enroll-resources/application-access/guides/dynamodb.mdx

@@ -80,7 +80,9 @@ connecting to your DynamoDB database.
 
 ### Using AWS CLI
 
+{/* vale 3rd-party-products.aws-vs-amazon = NO */}
 (!docs/pages/includes/application-access/aws-database-access-cli.mdx iam-role="ExampleTeleportDynamoDBRole" tsh-example="tsh aws dynamodb list-tables"!)
+{/* vale 3rd-party-products.aws-vs-amazon = YES */}
 
 ### Using other DynamoDB applications
 

docs/pages/enroll-resources/application-access/guides/guides.mdx

@@ -17,4 +17,4 @@ Manage access to internal applications:
 - [Dynamic Registration](dynamic-registration.mdx): Register/unregister apps without restarting Teleport.
 - [Amazon Athena Access](amazon-athena.mdx): How to access Amazon Athena with Teleport.
 - [Amazon DynamoDB Access](dynamodb.mdx): How to access Amazon DynamoDB as an application.
-- [Application Access HA](ha.mdx): How to configure the Teleport Application Service for high availability. 
+- [Application Service HA](ha.mdx): How to configure the Teleport Application Service for high availability. 

docs/pages/enroll-resources/application-access/guides/tcp.mdx

@@ -23,7 +23,7 @@ and `*.teleport.example.com`. You can substitute the address of your Teleport
 Proxy Service. (For Teleport Cloud customers, this will be similar to
 `mytenant.teleport.sh`.)
 
-<Admonition type="note" title="Application Access and DNS" scope={["oss", "enterprise"]} scopeOnly>
+<Admonition type="note">
 (!docs/pages/includes/dns-app-access.mdx!)
 </Admonition>
 

docs/pages/enroll-resources/application-access/guides/vnet.mdx

@@ -30,9 +30,11 @@ to first update the VNet config in the Auth Service to include a matching DNS zo
 - A TCP application connected to the cluster.
 - A domain name under your control.
 
+{/* vale messaging.protocol-products = NO */}
 In this guide, we'll use the example app from [TCP Application Access guide](tcp.mdx) and make it
 available through VNet at <Var name="public_addr" initial="tcp-app.company.test"/> with
 <Var name="suffix" initial="company.test" /> as the custom DNS zone.
+{/* vale messaging.protocol-products = YES */}
 
 ## Step 1/3. Configure custom DNS zone
 

docs/pages/enroll-resources/application-access/okta/hosted-guide.mdx

@@ -7,7 +7,7 @@ Teleport can import and grant access to resources from an Okta organizations,
 such as user profiles, groups and applications. Teleport can provision user
 accounts based Okta users, Okta applications can be accessed through Teleport's 
 application access UI, and access to these applications along with user groups
-can be managed by Teleport's RBAC along with access requests.
+can be managed by Teleport's RBAC along with Access Requests.
 
 This guide will help you set up the Okta Service as a Teleport hosted
 integration.
@@ -247,7 +247,7 @@ are deleted by a Teleport Administrator. That is, they will *not* be deleted
 when the hosted integration is deleted.
 
 The easiest way to clean these up is through the use of `tctl`. A batch command
-like this will remove all Okta sourced access lists in a system:
+like this will remove all Okta-sourced Access Lists in a system:
 
 ```
 tctl get access_lists --format json | jq '.[] | select(.metadata.labels["teleport.dev/origin"] == "okta") | .metadata.name' -r | xargs -I{} tctl rm "access_list/{}"

docs/pages/enroll-resources/application-access/troubleshooting-apps.mdx

@@ -194,7 +194,10 @@ about a user's Teleport roles or traits, you can configure Teleport to omit
 this information from the JWT. This will result in a smaller JWT that is less
 likely to exceed the limit.
 
+{/* vale messaging.protocol-products = NO */}
 This configuration is available under the `jwt_claims` property of the
 application's `rewrite` configuration. See
 [Web Application Access](./guides/connecting-apps.mdx#configuring-the-jwt-token)
 for details.
+{/* vale messaging.protocol-products = YES */}
+

docs/pages/enroll-resources/database-access/database-access.mdx

@@ -20,6 +20,6 @@ Agent Architecture](../../reference/architecture/agents.mdx). You can also learn
 deploy a [pool of Teleport Agents](../agents/introduction.mdx) to run multiple
 agent services.
 
-![Teleport Database Access Diagram](../../../img/database-access/architecture.svg)
+![Architecture diagram for enrolling databases with Teleport](../../../img/database-access/architecture.svg)
 
 (!toc!)

docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-dynamodb.mdx

@@ -218,7 +218,9 @@ $ aws dynamodb list-tables --endpoint-url=http://localhost:8000
 }
 ```
 
+{/* vale messaging.protocol-products = NO */}
 You can also connect to this database from the AWS NoSQL Workbench, as documented in our [Database Access GUI Clients](../../../connect-your-client/gui-clients.mdx#nosql-workbench) guide.
+{/* vale messaging.protocol-products = YES */}
 
 You can also use this tunnel for programmatic access. The example below uses the `boto3` SDK from AWS:
 

docs/pages/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx

@@ -18,10 +18,10 @@ database.
 
 <Tabs>
 <TabItem scope={["oss", "enterprise"]} label="Self-Hosted">
-![Teleport Database Access Azure PostgreSQL/MySQL Self-Hosted](../../../../img/database-access/guides/azure_selfhosted.png)
+![Enrolling Azure PostgreSQL/MySQL with a self-hosted Teleport cluster](../../../../img/database-access/guides/azure_selfhosted.png)
 </TabItem>
 <TabItem scope={["cloud"]} label="Teleport Enterprise Cloud">
-![Teleport Database Access Azure PostgreSQL/MySQL Cloud](../../../../img/database-access/guides/azure_cloud.png)
+![Enrolling Azure PostgreSQL/MySQL with a cloud-hosted Teleport cluster](../../../../img/database-access/guides/azure_cloud.png)
 </TabItem>
 </Tabs>
 

docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx

@@ -11,7 +11,7 @@ description: How to configure Teleport database access with Oracle.
 
 <Tabs>
 <TabItem scope={["enterprise"]} label="Teleport Enterprise">
-![Teleport Database Access Self-hosted Oracle](../../../../img/database-access/guides/oracle_selfhosted.png)
+![Enroll Oracle with a Self-Hosted Teleport Cluster](../../../../img/database-access/guides/oracle_selfhosted.png)
 </TabItem>
 <TabItem scope={["cloud"]} label="Teleport Enterprise Cloud">
 ![Enroll Oracle with a Cloud-Hosted Teleport Cluster](../../../../img/database-access/guides/oracle_selfhosted_cloud.png)

docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster.mdx

@@ -3,7 +3,9 @@ title: Database Access with Redis Cluster
 description: How to configure Teleport database access with Redis Cluster.
 ---
 
+{/* vale messaging.protocol-products = NO */}
 If you want to configure Redis Standalone, please read [Database Access with Redis](redis.mdx).
+{/* vale messaging.protocol-products = YES */}
 
 (!docs/pages/includes/database-access/self-hosted-introduction.mdx dbType="Redis cluster"!)
 

docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis.mdx

@@ -3,7 +3,9 @@ title: Database Access with Redis
 description: How to configure Teleport database access with Redis.
 ---
 
+{/* vale messaging.protocol-products = NO */}
 If you want to configure Redis Cluster, please read [Database Access with Redis Cluster](redis-cluster.mdx).
+{/* vale messaging.protocol-products = YES */}
 
 (!docs/pages/includes/database-access/self-hosted-introduction.mdx dbType="Redis"!)
 

docs/pages/enroll-resources/desktop-access/introduction.mdx

@@ -73,6 +73,7 @@ Desktop Service, see the following topics:
 The following topics provide information about performing common tasks and
 Windows-specific configuration settings, role-based permissions, and audit events:
 
+{/* vale messaging.protocol-products = NO */}
 - [Role-Based Access Control for Desktops](./rbac.mdx)
 - [Clipboard Sharing](../../reference/agent-services/desktop-access-reference/clipboard.mdx)
 - [Directory Sharing](./directory-sharing.mdx)
@@ -82,4 +83,5 @@ Windows-specific configuration settings, role-based permissions, and audit event
 - [Desktop Access Audit Events Reference](../../reference/agent-services/desktop-access-reference/audit.mdx)
 - [Desktop Access Configuration Reference](../../reference/agent-services/desktop-access-reference/configuration.mdx)
 - [Desktop Access CLI Reference](../../reference/agent-services/desktop-access-reference/cli.mdx)
+{/* vale messaging.protocol-products = YES */}
 

docs/pages/enroll-resources/kubernetes-access/register-clusters/dynamic-registration.mdx

@@ -459,6 +459,5 @@ clusters via Teleport, check out the following guides:
 - [Connect a Kubernetes Cluster to Teleport](../getting-started.mdx): How to use
   the `teleport-kube-agent` Helm chart to register a Kubernetes cluster with
   Teleport.
-- [Kubernetes Access from a Standalone Teleport
-  Cluster](./static-kubeconfig.mdx): How to use the Teleport Kubernetes
+- [Enroll a Kubernetes Cluster with a Static kubeconfig](./static-kubeconfig.mdx): How to use the Teleport Kubernetes
   Service's configuration file to register a Kubernetes cluster with Teleport.

docs/pages/enroll-resources/machine-id/access-guides/applications.mdx

@@ -14,7 +14,7 @@ used to access an application enrolled in your Teleport cluster.
 (!docs/pages/includes/edition-prereqs-tabs.mdx!)
 
 - If you have not already connected your application to Teleport, follow
-  the [Application Access Getting Started Guide](../../application-access/getting-started.mdx).
+  the [Protect a Web Application with Teleport](../../application-access/getting-started.mdx).
 - (!docs/pages/includes/tctl.mdx!)
 - `tbot` must already be installed and configured on the machine that will
   access applications. For more information, see the

docs/pages/enroll-resources/machine-id/access-guides/databases.mdx

@@ -9,8 +9,8 @@ can be used to grant machines secure, short-lived access to these databases.
 In this guide, you will configure `tbot` to produce credentials that can be
 used to access a database configured in Teleport.
 
-<Figure align="left" bordered caption="Machine ID and Database Access Deployment">
-![Machine ID and Database Access Deployment](../../../../img/machine-id/machine-id-database-access.svg)
+<Figure align="left" bordered caption="Accessing Teleport-protected databases with Machine ID">
+![Accessing Teleport-protected databases with Machine ID](../../../../img/machine-id/machine-id-database-access.svg)
 </Figure>
 
 ## Prerequisites
@@ -82,11 +82,13 @@ This rule will allow the bot to do two things:
   label selector) as the user `alice`.
 - Discover information about database resources in Teleport.
 
+{/* vale messaging.protocol-products = NO */}
 The `'*': '*'` label selector grants access to any database server configured in Teleport.
 In production, consider restricting the bot's access using a more specific
 label selector; see the
 [Database Access RBAC guide](../../database-access/rbac.mdx)
 for a full reference of database-related role options.
+{/* vale messaging.protocol-products = YES */}
 
 ## Step 2/4. Configure a database `tbot` output
 

docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx

@@ -15,7 +15,7 @@ used to access a Kubernetes cluster enrolled with your Teleport cluster.
 (!docs/pages/includes/edition-prereqs-tabs.mdx!)
 
 - If you have not already connected your Kubernetes cluster to Teleport, follow
-  the [Kubernetes Access Getting Started Guide](../../kubernetes-access/getting-started.mdx).
+  [Enroll a Kubernetes Cluster](../../kubernetes-access/getting-started.mdx).
 - (!docs/pages/includes/tctl.mdx!)
 - To configure the Kubernetes cluster, your client system will need to have
   `kubectl` installed. See the
@@ -183,5 +183,5 @@ this format is compatible with most Kubernetes tools including:
 
 - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore
   all the available configuration options.
-- Read the [Kubernetes Access RBAC guide](../../kubernetes-access/controls.mdx)
-  for more details on controlling Kubernetes access.
+- Read the [Teleport Kubernetes RBAC guide](../../kubernetes-access/controls.mdx)
+  for more details on controlling Kubernetes access.