address review comments

docs/pages/database-access/guides/mysql-cloudsql.mdx

@@ -32,7 +32,7 @@ with Cloud SQL MySQL instances.
 
 (!docs/pages/includes/database-access/cloudsql_enable_iam_auth.mdx type="MySQL" !)
 
-## Step 2/7. Create a service account to access the MySQL instance
+## Step 2/7. Create a service account for a database user
 
 Teleport uses service accounts to connect to Cloud SQL databases.
 
@@ -249,7 +249,7 @@ proxy_service:
 
 (!docs/pages/includes/database-access/cloudsql_service_credentials.mdx!)
 
-## Step 5/5. Connect
+## Step 7/7. Connect
 
 Once the Database Service has joined the cluster, log in to see the available
 databases:
@@ -327,3 +327,11 @@ ERROR 1105 (HY000): Could not update Cloud SQL user "<username>" password:
 Connecting as built-in database users with passwords are not supported for
 Cloud SQL replica instances. Please follow this guide to use IAM authentication
 instead.
+
+## Next steps
+
+(!docs/pages/includes/database-access/guides-next-steps.mdx!)
+
+- Learn more about [authenticating as a service
+  account](https://cloud.google.com/docs/authentication#service-accounts) in
+  Google Cloud.

docs/pages/database-access/guides/postgres-cloudsql.mdx

@@ -33,7 +33,7 @@ with Cloud SQL PostgreSQL instances.
 
 (!docs/pages/includes/database-access/cloudsql_enable_iam_auth.mdx type="PostgreSQL" !)
 
-## Step 2/7. Create a service account to access the PostgreSQL instance
+## Step 2/7. Create a service account for a database user
 
 Teleport uses service accounts to connect to Cloud SQL databases.
 
@@ -292,7 +292,7 @@ $ tsh db connect --db-user=teleport@<project-id>.iam --db-name=postgres cloudsql
 
   When connecting to the database, use the name of the database's service account
   that you added as an IAM database user
-  [above](#step-27-create-a-service-account-to-access-the-postgresql-instance),
+  [above](#step-27-create-a-service-account-for-a-database-user),
   minus the `.gserviceaccount.com` suffix. The database user name is shown on
   the Users page of your Cloud SQL instance.
 
@@ -310,3 +310,11 @@ $ tsh db logout
 ## Troubleshooting
 
 (!docs/pages/includes/database-access/pg-cancel-request-limitation.mdx!)
+
+## Next steps
+
+(!docs/pages/includes/database-access/guides-next-steps.mdx!)
+
+- Learn more about [authenticating as a service
+  account](https://cloud.google.com/docs/authentication#service-accounts) in
+  Google Cloud.

docs/pages/includes/database-access/cloudsql_create_db_user_account.mdx

@@ -1,7 +1,7 @@
 ### Create a service account
 
 Go to the IAM & Admin [Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts)
-jage and create a new service account:
+page and create a new service account:
 
 ![Create Service Account](../../../img/database-access/guides/cloudsql/[email protected])
 

docs/pages/includes/database-access/cloudsql_enable_iam_auth.mdx

@@ -10,5 +10,5 @@ look for the flag on the Configuration panel on the instance's Overview page:
 ![Check IAM Authentication](../../../img/database-access/guides/cloudsql/[email protected])
 
 If it isn't enabled, you can add this flag using the "Edit configuration" dialog
-at the bottom of the Configuration panel. Note, changing this setting may
-require a database instance reboot.
+at the bottom of the Configuration panel. Changing this setting may require a
+database instance reboot.

docs/pages/includes/database-access/cloudsql_service_credentials.mdx

@@ -1,6 +1,5 @@
-The Teleport Database Service must have credentials of `teleport-db-service`
-GCP service account we created in step 3 in order to be able to generate IAM auth
-tokens.
+The Teleport Database Service must have credentials for the
+`teleport-db-service` GCP service account we created in step 3.
 
 If the Teleport Database Service is hosted on a VM, you can [change the
 attached service
@@ -13,7 +12,3 @@ point to the JSON credentials file you downloaded earlier. If you are using
 ```code
 $ echo 'GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json' | sudo tee -a /etc/default/teleport
 ```
-
-See [Authenticating as a service
-account](https://cloud.google.com/docs/authentication/production) in the Google
-Cloud documentation for more details.