docs: editorial review of part 2 #4

Merged
merged 3 commits into from
Aug 23, 2023
6 changes: 3 additions & 3 deletions docs/README.md
@@ -1,12 +1,12 @@
# Seamless Deployment: From Provisioning to Runtime With the IBM Cloud VPC Landing Zone
# Seamless Deployment: From Provisioning to Runtime With the IBM Cloud VPC landing zone

The introduction of IBM Cloud [deployable architectures](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-faqs) makes it easy to provision predefined architecture in no time.

## 📖 What you will learn

In this hands-on lab, you will learn how to work with the VPC landing zone deployable architecture to accomplish these goals.

1. Create a customized VPC-based topology from the VPC Landing Zone deployable architecture.
1. Create a customized VPC-based topology from the VPC landing zone deployable architecture.
2. Deploy and expose a web application on this secure topology. For this lab, we use an Apache service as an example.
3. Share this deployable pattern with your enterprise through the IBM Cloud private catalog.
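
Review bot: The new H1 mixes title case with a lowercased product term: "Seamless Deployment: From Provisioning to Runtime With the IBM Cloud VPC landing zone". If the style rule is lowercase "landing zone", apply sentence case to the whole heading ("Seamless deployment: From provisioning to runtime with the IBM Cloud VPC landing zone") so it matches the other headings changed in this PR, such as "# VPC landing zone".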

Expand All @@ -18,7 +18,7 @@ Two labs are available. The two labs are independent. However, the first lab is

In [Lab 1](./part1/00-objectives), you take the perspective of a cloud infrastructure engineer:

1. Use the [Landing Zone Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) to automatically deploy a secure VPC-based topology in an IBM Cloud account.
1. Use the [landing zone deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) to automatically deploy a secure VPC-based topology in an IBM Cloud account.
2. Manually customize the deployed infrastructure in the account in the following ways:
a. Provide operator access through a "jump box" VSI.
b. Install an Apache server in one of the workload VPCs that serves the web pages.
8 changes: 4 additions & 4 deletions docs/about/20-vpc-landing-zone.md
@@ -1,6 +1,6 @@
# VPC Landing Zone
# VPC landing zone

IBM VPC Landing Zone (also referred to as "SLZ" for Secure Landing Zone) is [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables you to create a fully customizable VPC environment within a single region. The VPC Landing Zone is implemented in Terraform and automates the provisioning, configuring, and integration of several services that participate in the realization of a compliant VPC-based topology that is aligned with the documented [IBM Cloud for Financial Cloud Services Framework](./about/10-fs-cloud).
IBM VPC landing zone (also referred to as "SLZ" for secure landing zone) is [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables you to create a fully customizable VPC environment within a single region. The VPC landing zone is implemented in Terraform and automates the provisioning, configuring, and integration of several services that participate in the realization of a compliant VPC-based topology that is aligned with the documented [IBM Cloud for Financial Cloud Services Framework](./about/10-fs-cloud).

The automation is available as a set of [Terraform modules on GitHub](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone). The automation creates and configures all of the resources necessary to create a secure and compliant topology:
- A resource group for cloud services and for each VPC
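
Review bot: The rewritten intro paragraph still names the framework "IBM Cloud for Financial Cloud Services Framework", while the patterns paragraph later in this same file calls it "IBM Cloud Framework for Financial Services". Pick one name and use it in both places, since this PR already touches both lines. Also check that lowercasing "secure landing zone" still works next to "SLZ", because the abbreviation is introduced from those words.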
Expand All @@ -12,10 +12,10 @@ The automation is available as a set of [Terraform modules on GitHub](https://gi
- Virtual Private Endpoint (VPE) for Cloud Object Storage in each VPC
- A VPN gateway in the management VPC

# Landing Zone patterns
# Landing zone patterns


VPC Landing Zone comes with four fully functional patterns that follow the IBM Cloud Framework for Financial Services reference architecture:
VPC landing zone comes with four fully functional patterns that follow the IBM Cloud Framework for Financial Services reference architecture:

- VPC pattern
- VPC with Virtual Servers ("VSIs") – which the lab uses.
8 changes: 4 additions & 4 deletions docs/about/30-deployable-arch.md
Expand Up @@ -12,10 +12,10 @@ In other words, a user can run the Terraform automation behind a deployable arch

![Deployable architecture console](../images/about-deployable-arch.png)

The Landing Zone Terraform module and patterns that are described in [🌍 VPC Landing Zone](./about/20-vpc-landing-zone.md) have a corresponding [deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. To help you learn about deployable architectures, this lab provides steps for the deployable architecture in IBM Cloud rather than by running Terraform commands against the open source GitHub version.
The landing zone Terraform module and patterns that are described in [🌍 VPC landing zone](./about/20-vpc-landing-zone.md) have a corresponding [deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. To help you learn about deployable architectures, this lab provides steps for deploying the deployable architecture in IBM Cloud rather than by running Terraform commands against the open source GitHub version.

IBM-maintained deployable architectures are just like the Landing Zone deployable architecture in these ways:
IBM-maintained deployable architectures are just like the landing zone deployable architecture in these ways:

- Provide the same level of customer support as any other IBM Cloud product
- [Come with extensive documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
- Are maintained to be current over time
- Come with extensive [documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
- Are maintained to stay current
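
Review bot: In the rewritten sentence "this lab provides steps for deploying the deployable architecture in IBM Cloud rather than by running Terraform commands", the two halves are not parallel ("for deploying ... rather than by running") and "deploying the deployable architecture" is repetitive. Something like "this lab deploys the architecture from IBM Cloud rather than by running Terraform commands against the open source GitHub version" keeps the meaning and reads cleanly.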
4 changes: 2 additions & 2 deletions docs/part1/00-objectives.md
Expand Up @@ -2,7 +2,7 @@

In lab 1, you provision a secure VPC-based topology that is aligned with the **VSI on VPC landing zone** deployable architecture, as shown in the following diagram.

![](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg 'size=60%' )
![VSI on VPC landing zone architecture diagram](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg 'size=60%' )


After you provision the VPC, you customize the deployed infrastructure in the following ways:
Expand All @@ -23,7 +23,7 @@ Make sure that you meet the following prerequisites before you begin the lab.
- An IBMid
- API key with the following permissions

?> _TODO_ review
?> _TODO_ add permissions for API key

- A development computer with the following software.
- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
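
Review bot: The prerequisite "API key with the following permissions" is still followed only by a placeholder ("?> _TODO_ add permissions for API key"), so the page asks readers to create a key without saying what access it needs. That leaves them to guess, and the easy guess is an over-privileged key. List the minimum roles the lab requires before this page is published, or link the TODO to a tracking issue so it is not lost after merge.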
4 changes: 2 additions & 2 deletions docs/part1/10-project.md
@@ -1,4 +1,4 @@
# Deploying the Landing Zone VSI pattern through IBM Cloud projects
# Deploying the landing zone VSI pattern through IBM Cloud projects

1. On your computer, create an SSH key pair by issuing the following command:

Expand Down Expand Up @@ -31,7 +31,7 @@

1. Click **Review deployment options** on the lower right.
1. Click **Add to project**.
1. In **Create New**, enter a name for the project. For example, "\<your initials\> Landing Zone Lab". You can leave the other information as is.
1. In **Create New**, enter a name for the project. For example, "\<your initials> landing zone lab". You can leave the other information as is.
1. Click **Add** on the lower right.

1. Configure the project
8 changes: 4 additions & 4 deletions docs/part2/00-objectives.md
@@ -1,7 +1,7 @@
# Lab 2: Automating deployment, and sharing through a private IBM Cloud Catalog
# Lab 2: Automating deployment and sharing through a private catalog

Lab 1 shows how you can leverage existing landing-zone automation to deploy most of the topology, and then customize and deploy on top of that infrastructure.
In lab 1, you deployed most of the landing zone topology, and then customized the infrastructure.

The purpose of lab 2 is to show of the manual steps in lab 1 can be fully automated. Lab 2 will also show how the fully automated custom solution can be shared with other users in your enterprise through the [IBM Cloud Catalog](https://cloud.ibm.com/catalog).
Now in lab 2, you use automation to accomplish what you did manually in lab 1. Lab 2 also demonstrates how you can share the fully automated custom solution with other users in your enterprise through the [IBM Cloud catalog](https://cloud.ibm.com/catalog).
Member

shouldn't it be -

Now in lab 2, you will use automation

Contributor Author

I've used our tech writing style of keeping most things in the present tense. For example,

In lab 1, you provision a secure VPC-based topology...

Feel free to change back to future if it makes more sense to the lab usage.


Lab 2 assumes a basic knowledge of [Terraform](https://www.ibm.com/topics/terraform).
Lab 2 assumes a basic knowledge of [Terraform](https://www.ibm.com/topics/terraform).
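
Review bot: The new heading says "sharing through a private catalog", but the body sentence says the solution is shared "through the [IBM Cloud catalog](https://cloud.ibm.com/catalog)". Use the same term in both places, for example "through a private catalog in IBM Cloud", so readers do not take it to mean publishing to the general catalog. On the tense question raised in the thread: the first new sentence is in past tense ("you deployed"), so the present-tense convention is not applied uniformly within this hunk either.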
101 changes: 41 additions & 60 deletions docs/part2/10-customizing.md
@@ -1,64 +1,45 @@
# Customizing the landing zone topology

## Overview of the landing-zone customization options

The Landing Zone module is designed to enable both lightweight and deep
customizations of the VPC topology, inclusive of all associated
services that are deployed to make the VPC topology compliant. In a nutshell, there are
two ways the topology can be customized:
1. By using Terraform input variables. The module exposes over 70 input
variables that can be used to tweaks aspects of the VPC topology
that is deployed. See them as "knobs" that you can turn to slightly
adjust the desired VPC topology.
2. By using a json definition, which enables deeper and
broader types of customizations. The Landing Zone module accepts a json input in the form of a file or through a string containing a json definition. Using a json definition, you can fully
customize all aspects of the topology, beyond the use of the
Terraform input variables.

## Defining our custom topology with a json definition

In this lab, we are going to use the json-based approach to define a
topology that matches the manual steps followed in lab 1 of the
lab. Starting from the definition for the standard VSI landing zone pattern as a starting point, we make the following customizations:
- Expose one of the VSI in the management VPC through a public floating IP -- this is our "jump box".
- Add a public VPC load balancer serving public http traffic and distribiting requests to the VSIs in the workload VPC
- All necessary adjustments to the network ACL and security group to accommodate inbound and outbound traffic to the management jump box (ssh access) and the workload (http).

### Creating the json definition

There are three ways to produce a json definition that codify the desired
topology -- ranked by order of complexity:
1. The first way is to use the Graphical User Inferface tool provided
at
<https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/>
to guide your through a step-by-step documented wizard leading to
the produce a valid JSON file. The GUI tool also allows you to
import an existing json file and start customizations from there.
![](../images/part-2/cdbc891686d226024c1d5da0aef003a858508460.png)
2. The second way is to start making customization through the
terraform input variable. The Landing Zone module has got one output
named "config" that contains a JSON definition that includes the
customizations made through the terraform input variables. From that
point, you can make further customization manually or through the
GUI tool mentioned above.
3. The third way is to start from a copy of the json definition of one
of the 4 patterns provided out-of-the-box with the Landing Zone
module [here](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/patterns)
. For example, the JSON file for the standard VSI-based Landing Zone
is located under the [vsi directory](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/override.json). From that point, make customization to the copy of that JSON file
either through the GUI or manually.

### Creating the json definition

In this lab, we provide the JSON file containing those customizations
[here](https://github.com/IBM/infra-to-app-with-landing-zone/blob/main/custom-slz/override.tftpl) .

?> _TODO_ ensure the gui is updated before the lab

You may take a few moment to explore the content of the provided json definition:
1. Import the json definition in the Graphical User Inferface tool provided at <https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/>.
2. Click the Import JSON button and copy paste the content of the JSON definition.
![](../images/part-2/override-gui.png)
3. After import, you can use the GUI to explore the various facet of the topology using the right-hand menu. Of particular interest in the scope of the customizations are the [VPC Access control](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/nacls), [Security Groups](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/securityGroups), and [Virtual Server Instances](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/vsi) sections.
## Two ways to customize

The landing zone module is designed to enable both lightweight and deep customizations of the VPC topology, including all the services that are deployed to make the VPC topology compliant.

In a nutshell, you can customize the topology in two ways:

- By using Terraform input variables.

The module accepts more than 70 input variables that you can use to tweak the VPC topology. Consider the input variables as "knobs" that you can turn to adjust the topology.
- By passing a JSON string value to the `override.json` variable.

Member

You can pass a string value also to the variable called override_json_string

Contributor Author

@SirSpidey SirSpidey Aug 22, 2023

Changed to By passing a JSON string value to the override.json variable to keep the 2 list items parallel.

The override file enables deeper and broader types of customizations. By using a JSON file, you can fully customize aspects of the topology beyond what you can achieve with Terraform input variables.

## Defining our custom topology with a JSON definition

In this lab, you use the JSON override file to define a topology that matches the manual steps that you followed in the lab 1.

As a refresher, here's what you did in lab 1:

- Created a VPC-topology based on the standard SLZ pattern.
- Exposed one VSI in the management VPC through a public floating IP address (our "jump box").
- Exposed one VSI in the workload VPC behind a public load balancer.
- Made the necessary adjustments to the network ACL and security group to accommodate inbound and outbound traffic to the management jump box and the workload.

### Creating the JSON definition

You can create a JSON file that codifies the topology that you want in one of three ways. The following list orders the methods from least complex to most complex:

- Use the [secure landing zone wizard](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/) to produce a valid JSON file.

The wizard also supports importing an existing JSON file and start from there.

![screenshot of the secure landing zone wizard](../images/part-2/cdbc891686d226024c1d5da0aef003a858508460.png)
- Customize the definition through a Terraform input variable.

The landing zone module produces an output that is named `config`. The `config` output contains a JSON definition with all the customizations that are made through the Terraform input variables. You can start with this output and make more customizations, either manually or through the wizard in the previous method.
- The third way is to start from a copy of the JSON definition in one of the four [patterns](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/patterns) that are provided with the landing zone module.

For example, the JSON file for the standard VSI-based landing zone is located under the [vsi](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/override.json) directory. You can customize a copy of that JSON pattern file either manually or through the wizard.

### Creating the JSON definition

For this lab, use the customized JSON file at https://github.com/IBM/infra-to-app-with-landing-zone/blob/main/custom-slz/override.tftpl.
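
Review bot: "By passing a JSON string value to the `override.json` variable" names a file, not a variable. The review thread on this line points to `override_json_string`, and the next paragraph then refers to "the override file", so the bullet mixes the string input and the file input. Name the actual variable in code font and state separately that a JSON file can be used. Two smaller items in the same hunk: "### Creating the JSON definition" appears twice (the second section is about using the provided file and needs its own heading), and "supports importing an existing JSON file and start from there" should read "and starting from there".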