cloud: use sections instead of tabs for S3 configuration instructions (#20503)

Author: qiancai

tidb-cloud/config-s3-and-gcs-access.md

@@ -11,13 +11,12 @@ If you need to configure these external storages for TiDB Cloud Serverless clust
 
 ## Configure Amazon S3 access
 
-To allow TiDB Cloud to access the source data in your Amazon S3 bucket, you need to configure the bucket access for TiDB Cloud. You can use either of the following methods to configure the bucket access:
+To allow a TiDB Cloud Dedicated cluster to access the source data in your Amazon S3 bucket, configure the bucket access for the cluster using either of the following methods:
 
-- Use an AWS access key: use the access key of an IAM user to access your Amazon S3 bucket.
-- Use a Role ARN: use a Role ARN to access your Amazon S3 bucket.
+- [Use a Role ARN](#configure-amazon-s3-access-using-a-role-arn): use a Role ARN to access your Amazon S3 bucket.
+- [Use an AWS access key](#configure-amazon-s3-access-using-an-aws-access-key): use the access key of an IAM user to access your Amazon S3 bucket.
 
-<SimpleTab>
-<div label="Role ARN">
+### Configure Amazon S3 access using a Role ARN
 
 Configure the bucket access for TiDB Cloud and get the Role ARN as follows:
 
@@ -127,8 +126,7 @@ Configure the bucket access for TiDB Cloud and get the Role ARN as follows:
 
 4. In the TiDB Cloud console, go to the **Data Import** page where you get the TiDB Cloud account ID and external ID, and then paste the role ARN to the **Role ARN** field.
 
-</div>
-<div label="Access Key">
+### Configure Amazon S3 access using an AWS access key
 
 It is recommended that you use an IAM user (instead of the AWS account root user) to create an access key.
 
@@ -151,9 +149,6 @@ Take the following steps to configure an access key:
 >
 > TiDB Cloud does not store your access keys. It is recommended that you [delete the access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) after the import is complete.
 
-</div>
-</SimpleTab>
-
 ## Configure GCS access
 
 To allow TiDB Cloud to access the source data in your GCS bucket, you need to configure the GCS access for the bucket. Once the configuration is done for one TiDB cluster in a project, all TiDB clusters in that project can access the GCS bucket.

tidb-cloud/serverless-external-storage.md

@@ -11,13 +11,12 @@ If you need to configure these external storages for a TiDB Cloud Dedicated clus
 
 ## Configure Amazon S3 access
 
-To allow a TiDB Cloud Serverless cluster to access your Amazon S3 bucket, you need to configure the bucket access for the cluster. You can use either of the following methods to configure the bucket access:
+To allow a TiDB Cloud Serverless cluster to access the source data in your Amazon S3 bucket, configure the bucket access for the cluster using either of the following methods:
 
-- Use a Role ARN: use a Role ARN to access your Amazon S3 bucket.
-- Use an AWS access key: use the access key of an IAM user to access your Amazon S3 bucket.
+- [Use a Role ARN](#configure-amazon-s3-access-using-a-role-arn): use a Role ARN to access your Amazon S3 bucket.
+- [Use an AWS access key](#configure-amazon-s3-access-using-an-aws-access-key): use the access key of an IAM user to access your Amazon S3 bucket.
 
-<SimpleTab>
-<div label="Role ARN">
+### Configure Amazon S3 access using a Role ARN
 
 It is recommended that you use [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) to create a role ARN. Take the following steps to create one:
 
@@ -34,25 +33,25 @@ It is recommended that you use [AWS CloudFormation](https://docs.aws.amazon.com/
         1. Click **Import from S3**.
         2. Fill in the **File URI** field.
         3. Choose **AWS Role ARN** and click **Click here to create new one with AWS CloudFormation**.
-        
+
     - If you want to export data to Amazon S3, open the **Add New ARN** dialog as follows:
 
         1. Click **Export data to...**  > **Amazon S3**. If your cluster has neither imported nor exported any data before, click **Click here to export data to...** > **Amazon S3** at the bottom of the page.
         2. Fill in the **Folder URI** field.
-        3. Choose **AWS Role ARN** and click **Click here to create new one with AWS CloudFormation**.       
-   
+        3. Choose **AWS Role ARN** and click **Click here to create new one with AWS CloudFormation**.
+
 3. Create a role ARN with an AWS CloudFormation template.
 
     1. In the **Add New ARN** dialog, click **AWS Console with CloudFormation Template**.
-   
+
     2. Log in to the [AWS Management Console](https://console.aws.amazon.com) and you will be redirected to the AWS CloudFormation **Quick create stack** page.
 
     3. Fill in the **Role Name**.
 
     4. Acknowledge to create a new role and click **Create stack** to create the role ARN.
 
     5. After the CloudFormation stack is executed, you can click the **Outputs** tab and find the Role ARN value in the **Value** column.
-   
+
         ![img.png](/media/tidb-cloud/serverless-external-storage/serverless-role-arn.png)
 
 If you have any trouble creating a role ARN with AWS CloudFormation, you can take the following steps to create one manually:
@@ -65,7 +64,7 @@ If you have any trouble creating a role ARN with AWS CloudFormation, you can tak
 2. In the AWS Management Console, create a managed policy for your Amazon S3 bucket.
 
     1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) and open the [Amazon S3 console](https://console.aws.amazon.com/s3/).
-   
+
     2. In the **Buckets** list, choose the name of your bucket with the source data, and then click **Copy ARN** to get your S3 bucket ARN (for example, `arn:aws:s3:::tidb-cloud-source-data`). Take a note of the bucket ARN for later use.
 
         ![Copy bucket ARN](/media/tidb-cloud/copy-bucket-arn.png)
@@ -75,7 +74,7 @@ If you have any trouble creating a role ARN with AWS CloudFormation, you can tak
         ![Create a policy](/media/tidb-cloud/aws-create-policy.png)
 
     4. On the **Create policy** page, click the **JSON** tab.
-   
+
     5. Configure the policy in the policy text field according to your needs. The following is an example that you can use to export data from and import data into a TiDB Cloud Serverless cluster.
 
         - Exporting data from a TiDB Cloud Serverless cluster needs the **s3:PutObject** and **s3:ListBucket** permissions.
@@ -109,11 +108,11 @@ If you have any trouble creating a role ARN with AWS CloudFormation, you can tak
 
         In the policy text field, replace the following configurations with your own values.
 
-        - `"Resource": "<Your S3 bucket ARN>/<Directory of the source data>/*"`. For example, 
-        
-            - If your source data is stored in the root directory of the `tidb-cloud-source-data` bucket, use `"Resource": "arn:aws:s3:::tidb-cloud-source-data/*"`. 
-            - If your source data is stored in the `mydata` directory of the bucket, use `"Resource": "arn:aws:s3:::tidb-cloud-source-data/mydata/*"`. 
-            
+        - `"Resource": "<Your S3 bucket ARN>/<Directory of the source data>/*"`. For example:
+
+            - If your source data is stored in the root directory of the `tidb-cloud-source-data` bucket, use `"Resource": "arn:aws:s3:::tidb-cloud-source-data/*"`.
+            - If your source data is stored in the `mydata` directory of the bucket, use `"Resource": "arn:aws:s3:::tidb-cloud-source-data/mydata/*"`.
+
           Make sure that `/*` is added to the end of the directory so TiDB Cloud can access all files in this directory.
 
         - `"Resource": "<Your S3 bucket ARN>"`, for example, `"Resource": "arn:aws:s3:::tidb-cloud-source-data"`.
@@ -150,18 +149,16 @@ If you have any trouble creating a role ARN with AWS CloudFormation, you can tak
         - In **Options**, click **Require external ID (Best practice when a third party will assume this role)**, and then paste the TiDB Cloud External ID to the **External ID** field. If the role is created without a Require external ID, once the configuration is done for one TiDB cluster in a project, all TiDB clusters in that project can use the same Role ARN to access your Amazon S3 bucket. If the role is created with the account ID and external ID, only the corresponding TiDB cluster can access the bucket.
 
     3. Click **Next** to open the policy list, choose the policy you just created, and then click **Next**.
-   
+
     4. In **Role details**, set a name for the role, and then click **Create role** in the lower-right corner. After the role is created, the list of roles is displayed.
-   
+
     5. In the list of roles, click the name of the role that you just created to go to its summary page, and then you can get the role ARN.
 
         ![Copy AWS role ARN](/media/tidb-cloud/aws-role-arn.png)
 
 </details>
 
-</div>
-
-<div label="Access Key">
+### Configure Amazon S3 access using an AWS access key
 
 It is recommended that you use an IAM user (instead of the AWS account root user) to create an access key.
 
@@ -177,9 +174,6 @@ Take the following steps to configure an access key:
 >
 > TiDB Cloud does not store your access keys. It is recommended that you [delete the access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) after the import or export is complete.
 
-</div>
-</SimpleTab>
-
 ## Configure GCS access
 
 To allow a TiDB Cloud Serverless cluster to access your GCS bucket, you need to configure the GCS access for the bucket. You can use a service account key to configure the bucket access: