[docs reorganization] Move "Choose an Edition" and edit nav (#42698)

* Move "Choose an Edition" and edit nav

Integrate Choose an Edition pages into the new docs organization:

- Move Enterprise guides into the Self-Hosting Teleport section.
- Move the cloud-hosted Teleport Getting Started guide to the root of
  docs/pages so we can make it the Try Out Teleport guide.
- Move FAQ pagesfrom Choose an Edition and Home into a FAQ reference
  section.
- Remove the Documentation Overview It is no longer accurate. In
  addition, the new Table of Contents pages provide an overview.
- Remove the Teleport Cloud intro page. We're assuming that cloud-hosted
  Enterprise is the happy path, so remove a page that assumes users
  begin with Teleport Community Edition.
- Remove the Choose an Edition intro. Users who want an edition
  comparison can use the main Teleport site.
- Move External Audit Storage into the Common Operations subsection.
- Move the Cloud Downloads page to the root of the docs content
  directory until we determine a more appropriate home.

Edit the docs navigation according to the reorganization plan:

- Remove all redirects. We will add new redirects based on differences
  between the reorganized doc paths and links in Teleport sites that
  depend on them.
- Edit the sidebar configuration per the reorganization plan.
- Ensure that pages linked to on the sidebar can be visited without
  runtime errors and have reasonable titles.

* Respond to mmcallister feedback

docs/pages/access-controls/sso/overview.mdx

@@ -479,11 +479,11 @@ of SSO buttons in the Teleport Web UI.
 
 | Provider | YAML | Example |
 | - | - | - |
-| GitHub | `display: GitHub` | ![github](../../img/teleport-sso/github@2x.png) |
-| Microsoft | `display: Microsoft` | ![microsoft](../../img/teleport-sso/microsoft@2x.png) |
-| Google | `display: Google` | ![google](../../img/teleport-sso/google@2x.png) |
-| BitBucket | `display: Bitbucket` | ![bitbucket](../../img/teleport-sso/bitbucket@2x.png) |
-| OpenID | `display: Okta` | ![Okta](../../img/teleport-sso/openId@2x.png) |
+| GitHub | `display: GitHub` | ![github](../../../img/teleport-sso/github@2x.png) |
+| Microsoft | `display: Microsoft` | ![microsoft](../../../img/teleport-sso/microsoft@2x.png) |
+| Google | `display: Google` | ![google](../../../img/teleport-sso/google@2x.png) |
+| BitBucket | `display: Bitbucket` | ![bitbucket](../../../img/teleport-sso/bitbucket@2x.png) |
+| OpenID | `display: Okta` | ![Okta](../../../img/teleport-sso/openId@2x.png) |
 
 ## Troubleshooting
 
@@ -511,7 +511,7 @@ If something is not working, we recommend to:
 If you get "access denied" or other login errors, the number one place to check is the Audit
 Log. You can access it in the **Activity** tab of the Teleport Web UI.
 
-![Audit Log Entry for SSO Login error](../../img/sso/teleportauditlogssofailed.png)
+![Audit Log Entry for SSO Login error](../../../img/sso/teleportauditlogssofailed.png)
 
 Example of a user being denied because the role `clusteradmin` wasn't set up:
 

docs/pages/admin-guides.mdx

@@ -11,6 +11,7 @@ Contains guides for performing common tasks on a Teleport cluster after the init
 
 - [Backup and Restore](admin-guides/common-operations/backup-restore.mdx): How to back up and restore your Teleport cluster state.
 - [Exporting Teleport Audit Events (section)](admin-guides/common-operations/export-audit-events.mdx): Learn how to export Teleport audit events to your log management solution.
+- [External Audit Storage](admin-guides/common-operations/external-audit-storage.mdx): Store audit logs and session recordings on your own infrastructure with Teleport Enterprise Cloud.
 - [Run Teleport as a Daemon](admin-guides/common-operations/daemon.mdx): Configure Teleport to run as a daemon using systemd
 - [Secure Practices for Teleport Clusters (section)](admin-guides/common-operations/security.mdx): Highlights recommended practices and ways to harden security for your Teleport cluster.
 - [Troubleshooting](admin-guides/common-operations/troubleshooting.mdx): Troubleshooting and Collecting Metrics of Teleport Processes
@@ -21,7 +22,7 @@ Contains guides for performing common tasks on a Teleport cluster after the init
 
 Use configuration files and dynamic resources to adjust access controls, enroll infrastructure resources, and edit cluster-wide settings. ([more info](admin-guides/configure-teleport.mdx))
 
-- [Dynamic Resources (section)](admin-guides/configure-teleport/dynamic-resources.mdx): Guides to using Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
+- [Infrastructure as Code Guides (section)](admin-guides/configure-teleport/dynamic-resources.mdx): Guides to using Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 - [Teleport API Introduction (section)](admin-guides/configure-teleport/api.mdx): Introduction to the Teleport gRPC API.
 
 ## Protect Infrastructure Resources
@@ -38,8 +39,11 @@ Guides for enrolling servers, databases, and other infrastructure resources with
 Guides to deploying and managing the Teleport Auth Service and Proxy Service. ([more info](admin-guides/self-hosting.mdx))
 
 - [Deploying a Self-Hosted Teleport Cluster (section)](admin-guides/self-hosting/deploy-a-cluster.mdx): Guides for deploying self-hosted Teleport clusters on various platforms and cloud providers.
+- [Enterprise License File](admin-guides/self-hosting/license.mdx): How to manage your Teleport Enterprise license file.
+- [Key Management in Self-Hosted Teleport (section)](admin-guides/self-hosting/key-management.mdx): Guides for managing private key material in self-hosted Teleport clusters.
 - [Manage a Self-Hosted Teleport Cluster (section)](admin-guides/self-hosting/management.mdx): Guides to completing common tasks on self-hosted Teleport clusters after the initial deployment.
 - [Running a Self-Hosted Teleport Demo Cluster (section)](admin-guides/self-hosting/demo-clusters.mdx): Guides to running small-scale, self-hosted Teleport clusters to test functionality.
+- [Self-Hosted Teleport Enterprise Overview](admin-guides/self-hosting/introduction.mdx): Introduction to features and benefits of using Teleport Enterprise.
 
 ## Teleport Access Controls
 

docs/pages/admin-guides/common-operations.mdx

@@ -6,6 +6,7 @@ description: Contains guides for performing common tasks on a Teleport cluster a
 {/*TOPICS*/}
 
 - [Backup and Restore](common-operations/backup-restore.mdx): How to back up and restore your Teleport cluster state.
+- [External Audit Storage](common-operations/external-audit-storage.mdx): Store audit logs and session recordings on your own infrastructure with Teleport Enterprise Cloud.
 - [Run Teleport as a Daemon](common-operations/daemon.mdx): Configure Teleport to run as a daemon using systemd
 - [Troubleshooting](common-operations/troubleshooting.mdx): Troubleshooting and Collecting Metrics of Teleport Processes
 - [Uninstall Teleport](common-operations/uninstall-teleport.mdx): How to remove Teleport from your system

docs/pages/admin-guides/configure-teleport.mdx

@@ -8,18 +8,18 @@ enroll infrastructure resources, and edit cluster-wide settings.
 
 {/*TOPICS*/}
 
-## Dynamic Resources
+## Infrastructure as Code Guides
 
 Guides to using Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code. ([more info](configure-teleport/dynamic-resources.mdx))
 
 - [Creating Access Lists with IaC](configure-teleport/dynamic-resources/access-list.mdx): Use Infrastructure-as-Code tooling to create Teleport AccessLists.
 - [Kubernetes Operator in teleport-cluster Helm chart](configure-teleport/dynamic-resources/teleport-operator-helm.mdx): Deploy the operator alongside your Helm-deployed Teleport Cluster.
+- [Manage Teleport with Infrastructure as Code](configure-teleport/dynamic-resources/overview.mdx): An introduction to Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 - [Managing Users And Roles With IaC](configure-teleport/dynamic-resources/user-and-role.mdx): Use infrastructure-as-code tooling to create Teleport users and roles.
 - [Registering Agentless OpenSSH Servers with IaC](configure-teleport/dynamic-resources/agentless-ssh-servers.mdx): Use infrastructure-as-code tooling to register Agentless OpenSSH servers in Teleport.
 - [Set up the Teleport Terraform Provider](configure-teleport/dynamic-resources/terraform-provider.mdx): How to manage dynamic resources using the Teleport Terraform provider.
 - [Standalone Kubernetes Operator](configure-teleport/dynamic-resources/teleport-operator-standalone.mdx): Run a standalone operator against a remote Teleport cluster such as Teleport Cloud.
 - [Teleport Kubernetes Operator](configure-teleport/dynamic-resources/teleport-operator.mdx): Easily manage Teleport resources from Kubernetes
-- [Using Dynamic Resources](configure-teleport/dynamic-resources/overview.mdx): An introduction to Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 
 ## Teleport API Introduction
 

docs/pages/admin-guides/configure-teleport/dynamic-resources.mdx

@@ -1,5 +1,5 @@
 ---
-title: Dynamic Resources
+title: Infrastructure as Code Guides
 description: Guides to using Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 ---
 
@@ -11,9 +11,9 @@ infrastructure changes.
 
 - [Creating Access Lists with IaC](dynamic-resources/access-list.mdx): Use Infrastructure-as-Code tooling to create Teleport AccessLists.
 - [Kubernetes Operator in teleport-cluster Helm chart](dynamic-resources/teleport-operator-helm.mdx): Deploy the operator alongside your Helm-deployed Teleport Cluster.
+- [Manage Teleport with Infrastructure as Code](dynamic-resources/overview.mdx): An introduction to Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 - [Managing Users And Roles With IaC](dynamic-resources/user-and-role.mdx): Use infrastructure-as-code tooling to create Teleport users and roles.
 - [Registering Agentless OpenSSH Servers with IaC](dynamic-resources/agentless-ssh-servers.mdx): Use infrastructure-as-code tooling to register Agentless OpenSSH servers in Teleport.
 - [Set up the Teleport Terraform Provider](dynamic-resources/terraform-provider.mdx): How to manage dynamic resources using the Teleport Terraform provider.
 - [Standalone Kubernetes Operator](dynamic-resources/teleport-operator-standalone.mdx): Run a standalone operator against a remote Teleport cluster such as Teleport Cloud.
 - [Teleport Kubernetes Operator](dynamic-resources/teleport-operator.mdx): Easily manage Teleport resources from Kubernetes
-- [Using Dynamic Resources](dynamic-resources/overview.mdx): An introduction to Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.

docs/pages/admin-guides/configure-teleport/dynamic-resources/overview.mdx

@@ -1,5 +1,5 @@
 ---
-title: Using Dynamic Resources
+title: Manage Teleport with Infrastructure as Code
 description: An introduction to Teleport's dynamic resources, which make it possible to apply settings to remote clusters using infrastructure as code.
 tocDepth: 3
 ---
@@ -24,7 +24,7 @@ There are two ways to configure a Teleport cluster:
 This approach makes it possible to incrementally adjust your Teleport
 configuration without restarting Teleport instances.
 
-![Architecture of dynamic resources](../../img/dynamic-resources.png)
+![Architecture of dynamic resources](../../../../img/dynamic-resources.png)
 
 A cluster is composed of different objects (i.e., resources) and there are three
 common operations that can be performed on them: `get` , `create` , and `remove`

docs/pages/admin-guides/protect-resources.mdx

@@ -3,6 +3,17 @@ title: Protect Infrastructure Resources
 description: Guides for enrolling servers, databases, and other infrastructure resources with Teleport so you can set up secure access.
 ---
 
+You can use Teleport to set up secure access to resources in your infrastructure
+such as Linux servers, databases, and Windows desktops. 
+
+The guides in this section show you how to enroll infrastructure resources in
+your Teleport cluster.
+
+Teleport **Agents** are Teleport processes that proxy traffic to and from
+infrastructure resources.  Agents check the permissions of a user who attempts
+to access proxied resources, and only permit a connection to a resource if the
+resource's **labels** match the labels allowed by the user's role.
+
 {/*TOPICS*/}
 
 - [AWS OIDC Integration](protect-resources/awsoidc-integration.mdx): How to connect your AWS account with Teleport and provide access to AWS resources.

docs/pages/admin-guides/self-hosting.mdx

@@ -5,6 +5,9 @@ description: Guides to deploying and managing the Teleport Auth Service and Prox
 
 {/*TOPICS*/}
 
+- [Enterprise License File](self-hosting/license.mdx): How to manage your Teleport Enterprise license file.
+- [Self-Hosted Teleport Enterprise Overview](self-hosting/introduction.mdx): Introduction to features and benefits of using Teleport Enterprise.
+
 ## Deploying a Self-Hosted Teleport Cluster
 
 Guides for deploying self-hosted Teleport clusters on various platforms and cloud providers. ([more info](self-hosting/deploy-a-cluster.mdx))
@@ -15,6 +18,14 @@ Guides for deploying self-hosted Teleport clusters on various platforms and clou
 - [Reference Deployment Guides (section)](self-hosting/deploy-a-cluster/deployments.mdx): How to deploy a self-hosted Teleport cluster on different cloud providers.
 - [Running a Production Teleport Cluster](self-hosting/deploy-a-cluster/introduction.mdx): Guides to running Teleport in production.
 
+## Key Management in Self-Hosted Teleport
+
+Guides for managing private key material in self-hosted Teleport clusters. ([more info](self-hosting/key-management.mdx))
+
+- [AWS KMS](self-hosting/key-management/aws-kms.mdx): Configure Teleport to store CA private keys in the AWS Key Management Service
+- [Google Cloud KMS](self-hosting/key-management/gcp-kms.mdx): Configure Teleport to store CA private keys in the Google Cloud Key Management Service
+- [HSM Support](self-hosting/key-management/hsm.mdx): How to configure Hardware Security Modules to manage your Teleport CA private keys
+
 ## Manage a Self-Hosted Teleport Cluster
 
 Guides to completing common tasks on self-hosted Teleport clusters after the initial deployment. ([more info](self-hosting/management.mdx))

docs/pages/choose-an-edition/teleport-enterprise/introduction.mdx → docs/pages/admin-guides/self-hosting/introduction.mdx

@@ -1,6 +1,6 @@
 ---
-title: Teleport Enterprise
-description: Introduction to features and benefits of using Teleport Enterprise. Why upgrade to Teleport Enterprise?
+title: Self-Hosted Teleport Enterprise Overview
+description: Introduction to features and benefits of using Teleport Enterprise.
 h1: Teleport Enterprise
 ---
 

docs/pages/admin-guides/self-hosting/key-management.mdx

@@ -0,0 +1,10 @@
+---
+title: Key Management in Self-Hosted Teleport
+description: Guides for managing private key material in self-hosted Teleport clusters.
+---
+
+{/*TOPICS*/}
+
+- [AWS KMS](key-management/aws-kms.mdx): Configure Teleport to store CA private keys in the AWS Key Management Service
+- [Google Cloud KMS](key-management/gcp-kms.mdx): Configure Teleport to store CA private keys in the Google Cloud Key Management Service
+- [HSM Support](key-management/hsm.mdx): How to configure Hardware Security Modules to manage your Teleport CA private keys