diff --git a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx
index ac013be01469..23d64e94cf83 100644
--- a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx
+++ b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx
@@ -277,6 +277,13 @@ spec:
- editor
```
+
+This example assumes the role is version `v6`. If you are using a `v7`+ role
+you will need to include `verbs: ["get", "list"]` for the `kind: pod` section
+in `kubernetes_resources`. Otherwise the example `kubectl get pods -A` execution
+will be denied.
+
+
With that privileges granted, you can now create the GitHub Actions workflow.
Create `.github/workflows/example.yaml`:
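Review bot: the added paragraph tells `v7`+ users to add `verbs: ["get", "list"]` to the `kind: pod` section of `kubernetes_resources` but does not show where the key goes, so readers have to work out the placement in a role they have just copied. Consider showing the `v7` form of that entry right after the paragraph, or switching the example role to `v7` with the verbs included and noting that `v6` does not need them. The hunk also adds two consecutive blank lines before "With that privileges granted"; one is enough.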
diff --git a/docs/pages/enroll-resources/machine-id/getting-started.mdx b/docs/pages/enroll-resources/machine-id/getting-started.mdx
index dfdaf84dc424..c6cf0168e429 100644
--- a/docs/pages/enroll-resources/machine-id/getting-started.mdx
+++ b/docs/pages/enroll-resources/machine-id/getting-started.mdx
@@ -49,17 +49,8 @@ Before you create a bot user, you need to determine which role(s) you want to
assign to it. You can use the `tctl` command below to examine what roles exist
on your system.
-
-
On your client machine, log in to Teleport using `tsh`, then use `tctl` to examine
what roles exist on your system.
-
-
-Connect to the Teleport Auth Server and use `tctl` to examine what roles exist on
-your system.
-
-
-
```code
$ tctl get roles --format=text
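Review bot: with the self-hosted variant removed, the surviving sentence "On your client machine, log in to Teleport using `tsh`, then use `tctl` to examine what roles exist on your system." now sits directly under the context paragraph that already says "You can use the `tctl` command below to examine what roles exist on your system." Suggest merging the two so the instruction is stated once, keeping the `tsh` login step since that is the part the earlier paragraph lacks.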
@@ -179,29 +170,10 @@ this by omitting this.
Replace the following fields with values from your own cluster.
-
-
-
-- `token` is the token output by the `tctl bots add` command or the name of your IAM method token.
-- `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools.
-- `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools.
-- `auth-server` is the address of your Teleport Cloud Proxy Server, for example `example.teleport.sh:443`.
-
-
-
-
- `token` is the token output by the `tctl bots add` command or the name of your IAM method token.
-- `ca-pin` is the CA Pin for your Teleport cluster, and is output by the `tctl bots add` command.
- `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools.
- `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools.
-- `auth-server` is typically the address of your Teleport Proxy Server
- (`teleport.example.com:443`), but can also be the address of the
- Auth Server is direct connectivity is available.
- `teleport.example.com:443`.
-
-
-
-
+- `proxy-server` is the address of your Teleport Proxy service, for example `example.teleport.sh:443`.
Now that Machine ID has successfully started, let's investigate the
`/opt/machine-id` directory to see what was written to disk.
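Review bot: the field list drops `ca-pin` and replaces `auth-server` with `proxy-server`, but the command these bullets describe is outside the hunk, so please confirm it was updated to match; otherwise readers will see fields in the command that the list no longer explains. The removed text also said the address could be the Auth Server when direct connectivity is available, and that case is no longer covered. If direct Auth Server connections remain supported, a short note on that path and on when a CA pin is still needed would keep those users from being left without guidance. Minor: the new bullet writes "Proxy service" where the removed lines used "Proxy Server", and its example `example.teleport.sh:443` reads as a cloud address on a page that now serves self-hosted readers too.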
@@ -257,19 +229,9 @@ $ ssh -F /opt/machine-id/ssh_config root@node-name.example.com
In addition to the `ssh` client you can use `tsh`. Replace the `--proxy` parameter
with your proxy address.
-
-
-```code
-$ tsh ssh --proxy=teleport.example.com -i /opt/machine-id/identity root@node-name
-```
-
-
```code
$ tsh ssh --proxy=mytenant.teleport.sh -i /opt/machine-id/identity root@node-name
```
-
-
-
The below error can occur when the bot does not have permission to log in to
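Review bot: the one remaining `tsh ssh` example uses `--proxy=mytenant.teleport.sh`, while the new `proxy-server` bullet earlier in this patch uses `example.teleport.sh:443` and the removed self-hosted example used `teleport.example.com`. Since the context line asks readers to "Replace the `--proxy` parameter with your proxy address", suggest using one placeholder address consistently across the page so it is clear the same value goes in both places.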