docs: complete Cloud section content

- Overview with three-tier model explanation
- Full API layer documentation
- Databases commands (migrated from core-resources)
- Subscriptions commands (migrated from core-resources)
- Access control (users, roles, ACLs)
- Networking (VPC, PSC, Transit Gateway)
- Tasks monitoring
- Workflows documentation

Author: joshrotenberg

docs/src/cloud/api.md

@@ -1,41 +1,175 @@
 # Cloud API Layer
 
-Direct REST access to the Redis Cloud API.
+Direct REST access to the Redis Cloud API for scripting and automation.
 
 ## Overview
 
-The API layer provides raw access to all Redis Cloud REST endpoints. Use this for:
-- Scripting and automation
-- Accessing endpoints not yet wrapped in human commands
-- CI/CD pipelines
+The API layer lets you call any Redis Cloud REST endpoint directly. It's like a smart curl with:
+- Automatic authentication
+- Profile support
+- Output formatting
 
-## Authentication
+## Usage
 
-Uses `x-api-key` and `x-api-secret-key` headers. Configure via profile or environment variables.
+```bash
+redisctl api cloud <method> <endpoint> [options]
+```
 
-## Usage
+**Methods:** `get`, `post`, `put`, `delete`
+
+## Examples
+
+### GET Requests
 
 ```bash
-# GET request
+# Account info
+redisctl api cloud get /
+
+# List subscriptions
 redisctl api cloud get /subscriptions
 
-# POST request with data
-redisctl api cloud post /subscriptions -d '{"name": "test", ...}'
+# Get specific subscription
+redisctl api cloud get /subscriptions/123456
 
-# PUT request
-redisctl api cloud put /subscriptions/123 -d '{"name": "updated"}'
+# List databases
+redisctl api cloud get /subscriptions/123456/databases
 
-# DELETE request
-redisctl api cloud delete /subscriptions/123/databases/456
+# Get specific database
+redisctl api cloud get /subscriptions/123456/databases/789
 ```
 
+### POST Requests
+
+```bash
+# Create subscription
+redisctl api cloud post /subscriptions -d @subscription.json
+
+# Create database
+redisctl api cloud post /subscriptions/123456/databases -d '{
+  "name": "mydb",
+  "memoryLimitInGb": 1
+}'
+```
+
+### PUT Requests
+
+```bash
+# Update database
+redisctl api cloud put /subscriptions/123456/databases/789 -d '{
+  "memoryLimitInGb": 2
+}'
+```
+
+### DELETE Requests
+
+```bash
+# Delete database
+redisctl api cloud delete /subscriptions/123456/databases/789
+
+# Delete subscription
+redisctl api cloud delete /subscriptions/123456
+```
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `-d, --data <JSON>` | Request body (inline or @file) |
+| `-o, --output <FORMAT>` | Output format (json, yaml, table) |
+| `-q, --query <JMESPATH>` | Filter output |
+
 ## Common Endpoints
 
-- `/account` - Account information
-- `/subscriptions` - Subscription management
-- `/subscriptions/{id}/databases` - Database operations
-- `/acl/users` - User management
-- `/acl/roles` - Role management
-- `/tasks` - Async task status
+### Account
+- `GET /` - Account info
+- `GET /payment-methods` - Payment methods
+- `GET /regions` - Available regions
+
+### Subscriptions
+- `GET /subscriptions` - List all
+- `POST /subscriptions` - Create
+- `GET /subscriptions/{id}` - Get one
+- `PUT /subscriptions/{id}` - Update
+- `DELETE /subscriptions/{id}` - Delete
+
+### Databases
+- `GET /subscriptions/{id}/databases` - List
+- `POST /subscriptions/{id}/databases` - Create
+- `GET /subscriptions/{id}/databases/{dbId}` - Get
+- `PUT /subscriptions/{id}/databases/{dbId}` - Update
+- `DELETE /subscriptions/{id}/databases/{dbId}` - Delete
+
+### ACL
+- `GET /acl/users` - List users
+- `GET /acl/roles` - List roles
+- `GET /acl/redisRules` - List Redis rules
+
+### Networking
+- `GET /subscriptions/{id}/peerings` - VPC peerings
+- `GET /subscriptions/{id}/privateServiceConnect` - PSC
+- `GET /subscriptions/{id}/transitGateway` - Transit Gateway
+
+### Tasks
+- `GET /tasks` - List tasks
+- `GET /tasks/{taskId}` - Get task
+
+## Scripting Examples
+
+### Create and Wait
+
+```bash
+# Create database
+TASK_ID=$(redisctl api cloud post /subscriptions/123/databases \
+  -d @database.json \
+  -q 'taskId')
+
+# Poll for completion
+while true; do
+  STATUS=$(redisctl api cloud get /tasks/$TASK_ID -q 'status')
+  [ "$STATUS" = "processing-completed" ] && break
+  [ "$STATUS" = "processing-error" ] && exit 1
+  sleep 10
+done
+
+# Get result
+redisctl api cloud get /tasks/$TASK_ID -q 'response.resourceId'
+```
+
+### Bulk Operations
+
+```bash
+# Get all database IDs
+DBS=$(redisctl api cloud get /subscriptions/123/databases -q '[].databaseId')
+
+# Process each
+for db in $(echo $DBS | jq -r '.[]'); do
+  redisctl api cloud get /subscriptions/123/databases/$db
+done
+```
+
+### Export to File
+
+```bash
+# Save subscription config
+redisctl api cloud get /subscriptions/123 > subscription.json
+
+# Save all databases
+redisctl api cloud get /subscriptions/123/databases > databases.json
+```
+
+## When to Use API Layer
+
+**Use API layer when:**
+- Endpoint isn't wrapped in human commands yet
+- You need exact control over the request
+- Building automation scripts
+- Exploring the API
+
+**Use human commands when:**
+- There's a command for what you need
+- You want built-in `--wait` support
+- You prefer ergonomic flags over JSON
+
+## API Documentation
 
-TODO: Move detailed content from common-features/raw-api.md
+Full API documentation: [Redis Cloud API Docs](https://api.redislabs.com/v1/swagger-ui.html)

docs/src/cloud/commands/access-control.md

@@ -1,5 +1,153 @@
 # Cloud Access Control
 
-User and ACL management.
+Manage users, roles, and ACLs for Redis Cloud.
 
-TODO: Consolidate from access-control/users.md and access-control/acl.md
+## Users
+
+### List Users
+
+```bash
+redisctl cloud user list
+```
+
+### Get User
+
+```bash
+redisctl cloud user get <user-id>
+```
+
+### Create User
+
+```bash
+redisctl cloud user create --data '{
+  "name": "app-user",
+  "email": "[email protected]",
+  "role": "viewer"
+}'
+```
+
+### Update User
+
+```bash
+redisctl cloud user update <user-id> --data '{
+  "role": "member"
+}'
+```
+
+### Delete User
+
+```bash
+redisctl cloud user delete <user-id>
+```
+
+## Roles
+
+### List Roles
+
+```bash
+redisctl cloud acl role list
+```
+
+### Get Role
+
+```bash
+redisctl cloud acl role get <role-id>
+```
+
+### Create Role
+
+```bash
+redisctl cloud acl role create --data '{
+  "name": "read-only",
+  "redisRules": [
+    {
+      "ruleName": "Read-Only",
+      "databases": [
+        {"subscriptionId": 123456, "databaseId": 789}
+      ]
+    }
+  ]
+}'
+```
+
+### Update Role
+
+```bash
+redisctl cloud acl role update <role-id> --data '{
+  "name": "read-write"
+}'
+```
+
+### Delete Role
+
+```bash
+redisctl cloud acl role delete <role-id>
+```
+
+## Redis Rules
+
+Redis ACL rules define permissions at the Redis command level.
+
+### List Redis Rules
+
+```bash
+redisctl cloud acl redis-rule list
+```
+
+### Get Redis Rule
+
+```bash
+redisctl cloud acl redis-rule get <rule-id>
+```
+
+### Create Redis Rule
+
+```bash
+redisctl cloud acl redis-rule create --data '{
+  "name": "Read-Only",
+  "acl": "+@read ~*"
+}'
+```
+
+### Common ACL Patterns
+
+| Pattern | Description |
+|---------|-------------|
+| `+@all ~*` | Full access to all keys |
+| `+@read ~*` | Read-only access |
+| `+@write ~cache:*` | Write only to cache:* keys |
+| `-@dangerous` | Deny dangerous commands |
+
+## Examples
+
+### Set Up Read-Only User
+
+```bash
+# Create redis rule
+redisctl cloud acl redis-rule create --data '{
+  "name": "readonly-rule",
+  "acl": "+@read -@dangerous ~*"
+}'
+
+# Create role with rule
+redisctl cloud acl role create --data '{
+  "name": "readonly-role",
+  "redisRules": [{"ruleName": "readonly-rule", "databases": [...]}]
+}'
+```
+
+### Audit Access
+
+```bash
+# List all users and their roles
+redisctl cloud user list -q "[].{name:name,role:role,email:email}" -o table
+```
+
+## API Reference
+
+These commands use the following REST endpoints:
+- `GET/POST /v1/acl/users` - User management
+- `GET/POST /v1/acl/roles` - Role management
+- `GET/POST /v1/acl/redisRules` - Redis rule management
+
+For direct API access: `redisctl api cloud get /acl/users`