Commit e768c8a

[Doc] Clarify and add more examples to databricks_mws_network_connectivity_config and databricks_mws_ncc_private_endpoint_rule documentation (#4847)
## Changes

Clarify and add more examples to `databricks_mws_network_connectivity_config` and `databricks_mws_ncc_private_endpoint_rule` documentation

## Tests

<!-- How is this tested? Please see the checklist below and also describe any other relevant tests -->

- [x] relevant change in `docs/` folder
- [x] has entry in `NEXT_CHANGELOG.md` file

1 parent 171d7ca commit e768c8a

3 files changed

+24
-8
lines changed

NEXT_CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -27,6 +27,7 @@
2727
* Update Databricks SQL objects documentation ([#4840](https://github.com/databricks/terraform-provider-databricks/pull/4840))
2828
* Improve documentation for `databricks_git_credential` resource ([#4837](https://github.com/databricks/terraform-provider-databricks/pull/4837))
2929
* Rename DLT references to Lakeflow Declarative pipelines ([#4842](https://github.com/databricks/terraform-provider-databricks/pull/4842))
30+
* Clarify and add more examples to `databricks_mws_network_connectivity_config` and `databricks_mws_ncc_private_endpoint_rule` documentation ([#4847](https://github.com/databricks/terraform-provider-databricks/pull/4847))
3031

3132
### Exporter
3233

docs/resources/mws_ncc_private_endpoint_rule.md

Lines changed: 18 additions & 5 deletions
@@ -11,7 +11,7 @@ Allows you to create a private endpoint in a [Network Connectivity Config](mws_n
1111

1212
## Example Usage
1313

14-
Create a private endpoint to an Azure storage account
14+
Create private endpoints to an Azure storage account and an Azure standard load balancer.
1515

1616
```hcl
1717
variable "region" {}
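
Review bot: The new intro sentence on line 14 says the example connects to "an Azure standard load balancer", but the `slb` rule added further down in this same example points `resource_id` at a `Microsoft.Network/privatelinkServices/...` resource. Suggest wording that matches what the rule targets, for example "a private link service in front of an Azure standard load balancer", so readers do not try to pass a load balancer resource ID.
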
@@ -29,9 +29,17 @@ resource "databricks_mws_ncc_private_endpoint_rule" "storage" {
2929
resource_id = "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa"
3030
group_id = "blob"
3131
}
32+
33+
resource "databricks_mws_ncc_private_endpoint_rule" "slb" {
34+
provider = databricks.account
35+
network_connectivity_config_id = databricks_mws_network_connectivity_config.ncc.network_connectivity_config_id
36+
resource_id = "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service"
37+
domain_names = ["my-example.exampledomain.com"]
38+
}
39+
3240
```
3341

34-
Create a private endpoint rule to an AWS VPC endpoint and to an S3 bucket
42+
Create a private endpoint rule to an AWS VPC endpoint and to an S3 bucket.
3543

3644
```hcl
3745
variable "region" {}
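
Review bot: The `slb` example (new lines 33-38) stops at the rule definition, although the Attribute Reference in this same file says a rule is effective only once `connection_state` is `ESTABLISHED` and that new endpoints must be approved on the target resource. A sentence after the code block saying the rule stays `PENDING` until the private link service owner approves it would keep readers from assuming the private path is live right after `terraform apply`. The added empty line 39 directly before the closing fence can also be dropped.
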
@@ -46,6 +54,7 @@ resource "databricks_mws_network_connectivity_config" "ncc" {
4654
resource "databricks_mws_ncc_private_endpoint_rule" "storage" {
4755
provider = databricks.account
4856
network_connectivity_config_id = databricks_mws_network_connectivity_config.ncc.network_connectivity_config_id
57+
endpoint_service = "com.amazonaws.us-east-1.s3"
4958
resource_names = ["bucket"]
5059
}
5160
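
Review bot: Line 57 hardcodes `us-east-1` in `endpoint_service = "com.amazonaws.us-east-1.s3"` even though the example declares `variable "region" {}`, and the `resource_names` argument text in this file requires the buckets to be in the same region as the NCC/endpoint service. Suggest `"com.amazonaws.${var.region}.s3"` so the example follows the declared region variable instead of silently pinning one region.
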
@@ -63,23 +72,27 @@ The following arguments are available:
6372

6473
* `network_connectivity_config_id` - Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
6574
* `resource_id` - (Azure only) The Azure resource ID of the target resource. Change forces creation of a new resource.
66-
* `group_id` - (Azure only) The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., `blob`, `dfs`, `sqlServer` , etc. Consult the [Azure documentation](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource) for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for `blob` and one for `dfs`. Change forces creation of a new resource.
67-
* `domain_names` - (AWS only) Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. List of target AWS resource FQDNs accessible via the VPC endpoint service. Conflicts with `resource_names`.
75+
* `group_id` - (Azure only) Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., `blob`, `dfs`, `sqlServer` , etc. Consult the [Azure documentation](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource) for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for `blob` and one for `dfs`. Change forces creation of a new resource. Conflicts with `domain_names`.
76+
* `domain_names`
77+
* On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with `group_id`.
78+
* On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with `resource_names`.
6879
* `endpoint_service` - (AWS only) Example `com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123`. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
6980
* `resource_names` - (AWS only) Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with `domain_names`.
81+
* `enabled` - (AWS only) Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
7082

7183
## Attribute Reference
7284

7385
In addition to all arguments above, the following attributes are exported:
7486

7587
* `rule_id`- the ID of a private endpoint rule.
7688
* `endpoint_name` - The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
77-
* `connection_state` - The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect.
89+
* `connection_state` - The current status of this private endpoint. The private endpoint rules are effective only if the connection state is `ESTABLISHED`. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect.
7890
The possible values are:
7991
* `PENDING`: The endpoint has been created and pending approval.
8092
* `ESTABLISHED`: The endpoint has been approved and is ready to be used in your serverless compute resources.
8193
* `REJECTED`: Connection was rejected by the private link resource owner.
8294
* `DISCONNECTED`: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
95+
* `EXPIRED`: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
8396
* `deactivated` - Whether this private endpoint is deactivated.
8497
* `deactivated_at` - Time in epoch milliseconds when this object was deactivated.
8598
* `creation_time` - Time in epoch milliseconds when this object was created.
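
Review bot: On new line 89 the `connection_state` text still tells readers to approve new endpoints "in the Azure portal", while the same page documents AWS-only arguments (`endpoint_service`, `resource_names`, and the newly added `enabled`); please mark that sentence as Azure specific or state what the AWS-side step is. On line 95, `EXPIRED` inside the sentence should be backticked like `ESTABLISHED` on line 89, and the entry would match its siblings better as "`EXPIRED`: The endpoint was created but not approved within 14 days." On line 81, `enabled` does not say what its default is or how it relates to the exported `deactivated` attribute.
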

docs/resources/mws_network_connectivity_config.md

Lines changed: 5 additions & 3 deletions
@@ -30,7 +30,7 @@ resource "databricks_mws_ncc_binding" "ncc_binding" {
3030

3131
The following arguments are available:
3232

33-
* `name` - Name of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
33+
* `name` - Name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens, and underscores. The length must be between 3 and 30 characters. The name must match the regular expression `^[0-9a-zA-Z-_]{3,30}$`. Change forces creation of a new resource.
3434
* `region` - Region of the Network Connectivity Config. NCCs can only be referenced by your workspaces in the same region. Change forces creation of a new resource.
3535

3636
## Attribute Reference
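
Review bot: In the regular expression on line 33, `^[0-9a-zA-Z-_]{3,30}$`, the hyphen sits between `Z` and `_` inside the character class, which is easy to misread as a range and is not handled uniformly by every regex engine. Suggest placing it last, `^[0-9a-zA-Z_-]{3,30}$`, if the expression is written for this doc rather than copied verbatim from the API. The sentence also states the same constraint three times (allowed characters, length, regex); the regex plus one plain-language clause would be enough.
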
@@ -39,7 +39,7 @@ In addition to all arguments above, the following attributes are exported:
3939

4040
* `id` - combination of `account_id` and `network_connectivity_config_id` separated by `/` character
4141
* `network_connectivity_config_id` - Canonical unique identifier of Network Connectivity Config in Databricks Account
42-
* `egress_conf` - block containing information about network connectivity rules that apply to network traffic from your serverless compute resources. Consists of the following fields:
42+
* `egress_config` - block containing information about network connectivity rules that apply to network traffic from your serverless compute resources. Consists of the following fields:
4343
* `default_rules` - block describing network connectivity rules that are applied by default without resource specific configurations. Consists of the following fields:
4444
* `aws_stable_ip_rule` (AWS only) - block with information about stable AWS IP CIDR blocks. You can use these to configure the firewall of your resources to allow traffic from your Databricks workspace. Consists of the following fields:
4545
* `cidr_blocks` - list of IP CIDR blocks.
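
Review bot: Line 42 renames the documented attribute from `egress_conf` to `egress_config`, which is a correction rather than a clarification and is not mentioned in the commit message or in the changelog entry. Please confirm `egress_config` is the name the resource schema exports, and mention the fix in the description so users who copied the old name from the docs can find out why it changed.
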
@@ -49,7 +49,9 @@ In addition to all arguments above, the following attributes are exported:
4949
* `target_services` - the Azure services to which this service endpoint rule applies to.
5050
* `target_rules` - block describing network connectivity rules that configured for each destinations. These rules override default rules. Consists of the following fields:
5151
* `azure_private_endpoint_rules` (Azure only) - list containing information about configure Azure Private Endpoints.
52-
52+
* `aws_private_endpoint_rules` (AWS only) - list containing information about configure AWS Private Endpoints.
53+
* `creation_time` - time in epoch milliseconds when this object was created.
54+
* `updated_time` - time in epoch milliseconds when this object was updated.
5355

5456
## Import
5557

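
Review bot: New line 52 copies the wording of the Azure entry above it, "list containing information about configure AWS Private Endpoints"; "configure" should be "configured", and the Azure entry on line 51 can be fixed in the same pass. For `creation_time` and `updated_time` (lines 53-54), check that their indentation puts them at the level of the object they describe; as rendered here they follow directly after the `target_rules` children, so it is not clear whether they belong to the NCC itself or to `egress_config`.
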