From 858b23fcb7f8b9785186a0bb0bb1da1696d8a47c Mon Sep 17 00:00:00 2001 From: Paul Gottschling Date: Thu, 20 Apr 2023 18:12:07 -0400 Subject: [PATCH 1/3] Document HA for Access Request plugins Closes #8970 Add an "Architecture" section to the Access Request plugin index page that describes how Access Request plugins run, including what an HA setup looks like. --- .../access-request-plugins/index.mdx | 30 ++++++++++++++++++- .../access-requests/resource-requests.mdx | 5 ++++ .../access-requests/role-requests.mdx | 5 ++++ .../includes/access-request-integrations.mdx | 4 --- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/docs/pages/access-controls/access-request-plugins/index.mdx b/docs/pages/access-controls/access-request-plugins/index.mdx index 43638ffa41051..457af1962e14d 100644 --- a/docs/pages/access-controls/access-request-plugins/index.mdx +++ b/docs/pages/access-controls/access-request-plugins/index.mdx 
@@ -6,7 +6,35 @@ layout: tocless-doc Teleport Just-in-Time Access Requests allow users to receive temporary elevated privileges by seeking consent from one or more reviewers, depending on your -configuration. +configuration. + +With Teleport's Access Request plugins, users can request, approve, and deny +access without leaving your organization's existing messaging and project +management solutions. + +## Plugin guides (!docs/pages/includes/access-request-integrations.mdx!) +## Architecture + +Access Request plugins are self-contained programs that connect to the Teleport +Auth Service's gRPC API in order to listen for audit events that relate to new +or updated Access Requests. After processing an Access Request event, Access +Request plugins interact with a third-party API (e.g., the Slack or PagerDuty +APIs). + +Access Request plugins can run within private networks that are isolated from +the Teleport Auth Service. To access the Auth Service API, they connect to the +Proxy Service, which establishes a reverse tunnel for the plugin to access the +Auth Service. + +You can run multiple instances of an Access Request plugin for high +availability. To do so, run each instance in a separate availability zone. There +is no need for additional configuration or load balancing, as plugins avoid +creating duplicate requests to their third-party APIs. + +To read more about the architecture of an Access Request plugin, and start +writing your own, read our [Access Request plugin development +guide](../../api/access-plugin.mdx). + diff --git a/docs/pages/access-controls/access-requests/resource-requests.mdx b/docs/pages/access-controls/access-requests/resource-requests.mdx index 085dc2d3e096a..b05e1c0e9ffcb 100644 --- a/docs/pages/access-controls/access-requests/resource-requests.mdx +++ b/docs/pages/access-controls/access-requests/resource-requests.mdx 
@@ -571,6 +571,11 @@ the requested node, the hostname will be displayed in the Review Request page of the Teleport Web UI. ### Integrating with an external tool + +With Teleport's Access Request plugins, users can request, approve, and deny +access without leaving your organization's existing messaging and project +management solutions. + (!docs/pages/includes/access-request-integrations.mdx!) ### Using TTLs with Access Requests diff --git a/docs/pages/access-controls/access-requests/role-requests.mdx b/docs/pages/access-controls/access-requests/role-requests.mdx index 0a70c664b67b4..ed0763317aa11 100644 --- a/docs/pages/access-controls/access-requests/role-requests.mdx +++ b/docs/pages/access-controls/access-requests/role-requests.mdx @@ -154,6 +154,11 @@ to the original set of roles. ## Next Steps ### Integrating with an external tool + +With Teleport's Access Request plugins, users can request, approve, and deny +access without leaving your organization's existing messaging and project +management solutions. + (!docs/pages/includes/access-request-integrations.mdx!) ### Advanced RBAC diff --git a/docs/pages/includes/access-request-integrations.mdx b/docs/pages/includes/access-request-integrations.mdx index 5efb037aea7da..bd82be9abb143 100644 --- a/docs/pages/includes/access-request-integrations.mdx +++ b/docs/pages/includes/access-request-integrations.mdx @@ -1,7 +1,3 @@ -With Teleport's Access Request plugins, users can request, -approve, and deny access without leaving your organization's existing messaging -and project management solutions. - | Integration | Type | Setup Instructions | | - | - | - | | Slack | Messaging | [Set up Slack](../access-controls/access-request-plugins/ssh-approval-slack.mdx) | From faa9a8263e8bf20b9809237ea6a64673e4a9c62e Mon Sep 17 00:00:00 2001 
From: Paul Gottschling Date: Mon, 24 Apr 2023 15:46:38 -0400 Subject: [PATCH 2/3] Respond to alexfornuto feedback --- .../access-request-plugins/index.mdx | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/pages/access-controls/access-request-plugins/index.mdx b/docs/pages/access-controls/access-request-plugins/index.mdx index 457af1962e14d..55cc7b9f5055e 100644 --- a/docs/pages/access-controls/access-request-plugins/index.mdx +++ b/docs/pages/access-controls/access-request-plugins/index.mdx 
@@ -19,20 +19,19 @@ management solutions. ## Architecture Access Request plugins are self-contained programs that connect to the Teleport -Auth Service's gRPC API in order to listen for audit events that relate to new -or updated Access Requests. After processing an Access Request event, Access -Request plugins interact with a third-party API (e.g., the Slack or PagerDuty -APIs). +Auth Service's gRPC API to listen for audit events relating to new or updated +Access Requests. After processing an Access Request event, Access Request plugins +interact with a third-party API (e.g., the Slack or PagerDuty APIs). Access Request plugins can run within private networks that are isolated from the Teleport Auth Service. To access the Auth Service API, they connect to the Proxy Service, which establishes a reverse tunnel for the plugin to access the Auth Service. -You can run multiple instances of an Access Request plugin for high -availability. To do so, run each instance in a separate availability zone. There -is no need for additional configuration or load balancing, as plugins avoid -creating duplicate requests to their third-party APIs. +You can run multiple instances of an Access Request plugin for high availability +by deploying each instance in a separate availability zone. There is no need for +additional configuration or load balancing, as plugins avoid creating duplicate +requests to their third-party APIs. To read more about the architecture of an Access Request plugin, and start writing your own, read our [Access Request plugin development From cd44233f17177718f6f4e54e5fef89119ad54fa1 Mon Sep 17 00:00:00 2001 
From: Paul Gottschling Date: Tue, 2 May 2023 17:33:22 -0400 Subject: [PATCH 3/3] Respond to stevenGravy feedback --- docs/pages/access-controls/access-request-plugins/index.mdx | 5 ++--- .../access-controls/access-requests/resource-requests.mdx | 5 ++--- docs/pages/access-controls/access-requests/role-requests.mdx | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/pages/access-controls/access-request-plugins/index.mdx b/docs/pages/access-controls/access-request-plugins/index.mdx index 55cc7b9f5055e..a6b6f8cc81369 100644 --- a/docs/pages/access-controls/access-request-plugins/index.mdx +++ b/docs/pages/access-controls/access-request-plugins/index.mdx @@ -8,9 +8,8 @@ Teleport Just-in-Time Access Requests allow users to receive temporary elevated privileges by seeking consent from one or more reviewers, depending on your configuration. -With Teleport's Access Request plugins, users can request, approve, and deny -access without leaving your organization's existing messaging and project -management solutions. +With Teleport's Access Request plugins, users can manage Access Requests from +within your organization's existing messaging and project management solutions. ## Plugin guides diff --git a/docs/pages/access-controls/access-requests/resource-requests.mdx b/docs/pages/access-controls/access-requests/resource-requests.mdx index b05e1c0e9ffcb..92c7bf621324e 100644 --- a/docs/pages/access-controls/access-requests/resource-requests.mdx +++ b/docs/pages/access-controls/access-requests/resource-requests.mdx 
@@ -572,9 +572,8 @@ the Teleport Web UI. ### Integrating with an external tool -With Teleport's Access Request plugins, users can request, approve, and deny -access without leaving your organization's existing messaging and project -management solutions. +With Teleport's Access Request plugins, users can manage Access Requests from +within your organization's existing messaging and project management solutions. (!docs/pages/includes/access-request-integrations.mdx!) diff --git a/docs/pages/access-controls/access-requests/role-requests.mdx b/docs/pages/access-controls/access-requests/role-requests.mdx index ed0763317aa11..8f5600e7d5464 100644 --- a/docs/pages/access-controls/access-requests/role-requests.mdx +++ b/docs/pages/access-controls/access-requests/role-requests.mdx @@ -155,9 +155,8 @@ to the original set of roles. ### Integrating with an external tool -With Teleport's Access Request plugins, users can request, approve, and deny -access without leaving your organization's existing messaging and project -management solutions. +With Teleport's Access Request plugins, users can manage Access Requests from +within your organization's existing messaging and project management solutions. (!docs/pages/includes/access-request-integrations.mdx!)
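Review bot: In [PATCH 1/3], the Architecture section added to access-request-plugins/index.mdx says plugins "avoid creating duplicate requests to their third-party APIs" but gives no mechanism. An operator running several instances cannot tell what that guarantee depends on, or what to expect when two instances see the same event at the same moment. Suggest adding one sentence on how instances coordinate, or linking to the part of the plugin development guide that covers it. Separately, the first change in the same hunk replaces "configuration." with a line that reads identically; if the only difference is trailing whitespace, drop it from the patch.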
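Review bot: In [PATCH 1/3], moving the "With Teleport's Access Request plugins, users can ..." sentence out of includes/access-request-integrations.mdx leaves three hand-maintained copies of it, in index.mdx, resource-requests.mdx and role-requests.mdx. [PATCH 3/3] already has to repeat the same rewording in all three. Suggest putting the sentence in a small partial of its own, included above the "## Plugin guides" heading on the index page and above the table include on the other two, so the copies cannot drift.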
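Review bot: In [PATCH 2/3], the reworded Architecture hunk leaves "they connect to the Proxy Service, which establishes a reverse tunnel for the plugin to access the Auth Service" as it was, and the sentence does not say which side opens the connection or how the plugin authenticates to the Auth Service. The paragraph is about running plugins in isolated private networks, so readers will size firewall rules and credentials from it. Suggest stating the connection direction explicitly and mentioning, or linking to, the identity each plugin instance needs, including each instance in the high availability setup described in the next paragraph.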
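Review bot: In [PATCH 3/3], replacing "request, approve, and deny access" with "manage Access Requests" in all three hunks removes the only statement on these pages that approval and denial can happen from the third-party tool. A reader assessing who can grant elevated privileges, and from where, needs that detail. Suggest keeping the verbs, for example "users can request, approve, and deny Access Requests from within ...", or, if not every plugin supports all three actions, saying so and pointing to the integrations table.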