diff --git a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx index 1d0b2c9f81..f98fa565d2 100644 --- a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx +++ b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx 
@@ -27,6 +27,60 @@ Select a storage provider. Complete the following steps to create a storage bucket in Boundary. + + +1. Log in to Boundary. +1. Click **Storage Buckets** in the navigation bar. +1. Click **New Storage Bucket**. +1. Complete the following fields to create the Boundary storage bucket: + - **Name**: (Optional) The name field is optional, but if you enter a name it must be unique. + - **Description**: (Optional) An optional description of the Boundary storage bucket for identification purposes. + - **Scope**: (Required) A storage bucket can belong to the Global scope or an Org scope. + It can only associated with targets from the scope it belongs to. + - **Provider**: (Required) The external storage bucket provider. + - **Bucket name**: (Required) Name of the AWS bucket you want to associate with the Boundary storage bucket. + - **Bucket prefix**: (Optional) A base path where session recordings are stored. + - **Region**: (Required) The AWS region to use. + - **Credential type**: (Required) The type of credential you want to use to authenticate to the external storage. + The required fields for creating a storage bucket vary depending on whether you configured the Amazon S3 bucket with static or dynamic credentials: + - **Static**: Authenticates to the storage bucket using an access key that AWS generates. + - **Dynamic**: Authenticates to the storage bucket using credentials that were generated by AWS `AssumeRole`. + + + + + - **Access key ID**: (Required) The access key ID that AWS generates for the IAM user to use with the storage bucket. + - **Secret access key**: (Required) The secret access key that AWS generates for the IAM user to use with this storage bucket. + - **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. 
+ - **Disable credential rotation**: (Optional) Prevents the AWS plugin from automatically rotating credentials. + + Although credentials are stored encrypted in Boundary, by default the [AWS plugin](https://github.com/hashicorp/boundary-plugin-aws) attempts to rotate the credentials you provide. + The given credentials are used to create a new credential, and then the original credential is revoked. + After rotation, only Boundary knows the client secret the plugin uses. + + + + + + - **Role ARN**: (Required) The ARN (Amazon Resource Name) role that is attached to the EC2 instance that the self-managed worker runs on. + - **Role external ID**: (Optional) A required value if you delegate third party access to your AWS resources. + For more information, refer to the AWS documentation for [How to use an external ID when granting access to your AWS resources to a third party](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). + - **Role session name**: (Optional) A unique identifier for the AWS session. + You can use this value to control how IAM principals and applications name their role sesions when they assume an IAM role. + By providing a session name, you enable tracking session actions in AWS CloudTrail logs. + For more information, refer to the AWS documentation for [Logging IAM and AWS STS API calls with AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html). + - **Role tags**: An object with key-value pair attributes that is passed when you assume an IAM role. + For more information, refer to the AWS documentation for [Passing session tags in AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html). + - **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. 
+ - **Disable credential rotation**: (Required) Prevents the AWS plugin from automatically rotating credentials. + This option is required if you use dynamic credentials. + + + + +1. Click **Save**. + + The required fields for creating a storage bucket depend on whether you configured the Amazon S3 bucket with static or dynamic credentials: @@ -100,7 +154,20 @@ The required fields for creating a storage bucket depend on whether you configur + + + + + +Complete the following steps to create a storage bucket in Boundary. + + + + MinIO requires a service account to set up a Boundary storage bucket. Refer to the [Configure MinIO](/boundary/docs/configuration/session-recording/storage-providers/configure-minio#minio-requirements) page to learn more. + + + 1. Log in to Boundary. 
@@ -112,65 +179,19 @@ The required fields for creating a storage bucket depend on whether you configur - **Scope**: (Required) A storage bucket can belong to the Global scope or an Org scope. It can only associated with targets from the scope it belongs to. - **Provider**: (Required) The external storage bucket provider. + - **Endpoint URL**: (Required) The fully-qualified endpoint pointing to a MinIO S3 API. - **Bucket name**: (Required) Name of the AWS bucket you want to associate with the Boundary storage bucket. - - **Bucket prefix**: (Optional) A base path where session recordings are stored. - - **Region**: (Required) The AWS region to use. - - **Credential type**: (Required) The type of credential you want to use to authenticate to the external storage. - The required fields for creating a storage bucket vary depending on whether you configured the Amazon S3 bucket with static or dynamic credentials: - - **Static**: Authenticates to the storage bucket using an access key that AWS generates. - - **Dynamic**: Authenticates to the storage bucket using credentials that were generated by AWS `AssumeRole`. - - - - - - **Access key ID**: (Required) The access key ID that AWS generates for the IAM user to use with the storage bucket. - - **Secret access key**: (Required) The secret access key that AWS generates for the IAM user to use with this storage bucket. - - **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. - - **Disable credential rotation**: (Optional) Prevents the AWS plugin from automatically rotating credentials. - - Although credentials are stored encrypted in Boundary, by default the [AWS plugin](https://github.com/hashicorp/boundary-plugin-aws) attempts to rotate the credentials you provide. - The given credentials are used to create a new credential, and then the original credential is revoked. 
- After rotation, only Boundary knows the client secret the plugin uses. - - - - - - - **Role ARN**: (Required) The ARN (Amazon Resource Name) role that is attached to the EC2 instance that the self-managed worker runs on. - - **Role external ID**: (Optional) A required value if you delegate third party access to your AWS resources. - For more information, refer to the AWS documentation for [How to use an external ID when granting access to your AWS resources to a third party](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). - - **Role session name**: (Optional) A unique identifier for the AWS session. - You can use this value to control how IAM principals and applications name their role sesions when they assume an IAM role. - By providing a session name, you enable tracking session actions in AWS CloudTrail logs. - For more information, refer to the AWS documentation for [Logging IAM and AWS STS API calls with AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html). - - **Role tags**: An object with key-value pair attributes that is passed when you assume an IAM role. - For more information, refer to the AWS documentation for [Passing session tags in AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html). + - **Region**: (Optional) The region to configure the storage bucket for. + - **Access key ID** (Required): The MinIO service account's access key to use with this storage bucket. + - **Secret access key** (Required): The MinIO service account's secret key to use with this storage bucket. - **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. - - **Disable credential rotation**: (Required) Prevents the AWS plugin from automatically rotating credentials. - This option is required if you use dynamic credentials. 
- - - + - **Disable credential rotation**: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set to false, or not provided, the plugin will rotate the incoming credentials, using them to create a new MinIO service account, then delete the incoming credentials. 1. Click **Save**. - - - - - -Complete the following steps to create a storage bucket in Boundary. - - - - - MinIO requires a service account to set up a Boundary storage bucket. Refer to the [Configure MinIO](/boundary/docs/configuration/session-recording/storage-providers/configure-minio#minio-requirements) page to learn more. - - - 1. Log in to Boundary. 1. Use the following command to create a storage bucket in Boundary: 
@@ -199,28 +220,6 @@ Complete the following steps to create a storage bucket in Boundary. - `access_key_id` (Required): The MinIO service account's access key to use with this storage bucket. - `secret_access_key` (Required): The MinIO service account's secret key to use with this storage bucket. - - - -1. Log in to Boundary. -1. Click **Storage Buckets** in the navigation bar. -1. Click **New Storage Bucket**. -1. Complete the following fields to create the Boundary storage bucket: - - **Name**: (Optional) The name field is optional, but if you enter a name it must be unique. - - **Description**: (Optional) An optional description of the Boundary storage bucket for identification purposes. - - **Scope**: (Required) A storage bucket can belong to the Global scope or an Org scope. - It can only associated with targets from the scope it belongs to. - - **Provider**: (Required) The external storage bucket provider. - - **Endpoint URL**: (Required) The fully-qualified endpoint pointing to a MinIO S3 API. - - **Bucket name**: (Required) Name of the AWS bucket you want to associate with the Boundary storage bucket. - - **Region**: (Optional) The region to configure the storage bucket for. - - **Access key ID** (Required): The MinIO service account's access key to use with this storage bucket. - - **Secret access key** (Required): The MinIO service account's secret key to use with this storage bucket. - - **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. - - **Disable credential rotation**: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set to false, or not provided, the plugin will rotate the incoming credentials, using them to create a new MinIO service account, then delete the incoming credentials. - -1. Click **Save**. - 
diff --git a/website/content/docs/configuration/session-recording/enable-session-recording.mdx b/website/content/docs/configuration/session-recording/enable-session-recording.mdx index 74ed94a142..bc9760662f 100644 --- a/website/content/docs/configuration/session-recording/enable-session-recording.mdx +++ b/website/content/docs/configuration/session-recording/enable-session-recording.mdx @@ -27,34 +27,6 @@ Refer to [SSH target attributes](/boundary/docs/concepts/domain-model/targets#ss Complete the following steps to enable session recording on a target. - - -1. Log in to Boundary. -1. Do one of the following: - - - To enable an existing SSH target for session recording, run the following commmand: - - ```bash - boundary targets update ssh -scope-id p_1234567890 -id tssh_1234567890 -enable-session-recording true -storage-bucket-id sb_1234567890 - ``` - - Make sure to add the `-enable-session-recording true` flag to turn on session recording for the target. - Add the `-storage-bucket-id ID` for the storage bucket you want to associate with this target. - - - To create a new target and enable it for session recording, run the following command: - - ```bash - boundary targets create ssh -scope-id p_1234567890 -default -port 22 -name test1 -address 99.12.345.67 -enable-session-recording true -storage-bucket-id sb_1234567890 - ``` - - Make sure to add the `-enable-session-recording true` flag to turn on session recording for the target. - Add the `-storage-bucket-id ID` for the storage bucket you want to associate with this target. - You can configure any other [target attributes](/boundary/docs/concepts/domain-model/targets). - - You can now view the target from the **Targets** page in the Boundary console. - - - 1. Log in to Boundary. 
@@ -83,6 +55,33 @@ The following setting is required for session recording: 1. Click **Save**. + + + +1. Log in to Boundary. +1. Do one of the following: + + - To enable an existing SSH target for session recording, run the following commmand: + + ```bash + boundary targets update ssh -scope-id p_1234567890 -id tssh_1234567890 -enable-session-recording true -storage-bucket-id sb_1234567890 + ``` + + Make sure to add the `-enable-session-recording true` flag to turn on session recording for the target. + Add the `-storage-bucket-id ID` for the storage bucket you want to associate with this target. + + - To create a new target and enable it for session recording, run the following command: + + ```bash + boundary targets create ssh -scope-id p_1234567890 -default -port 22 -name test1 -address 99.12.345.67 -enable-session-recording true -storage-bucket-id sb_1234567890 + ``` + + Make sure to add the `-enable-session-recording true` flag to turn on session recording for the target. + Add the `-storage-bucket-id ID` for the storage bucket you want to associate with this target. + You can configure any other [target attributes](/boundary/docs/concepts/domain-model/targets). + + You can now view the target from the **Targets** page in the Boundary console. +
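Review bot: The AWS field list re-added in create-storage-bucket.mdx (hunk `@@ -27,6 +27,60 @@`) carries its old wording problems into the new position, and the move is a good moment to fix them. The **Scope** item reads "It can only associated with targets" (missing "be"), and **Role session name** has "role sesions". **Role external ID** is marked "(Optional)" but described as "A required value if you delegate third party access", which reads as a contradiction. **Role tags** is the only field with no (Optional)/(Required) marker. Suggest "It can only be associated with targets from the scope it belongs to", "role sessions", wording the external ID as optional in general but needed when you delegate third-party access, and adding whichever marker applies to **Role tags**.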
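Review bot: In the MinIO field list of create-storage-bucket.mdx (hunk `@@ -112,65 +179,19 @@`), the **Disable credential rotation** item says the plugin uses the incoming credentials "to create a new MinIO service account, then delete the incoming credentials", but never states the consequence for the operator: the key pair entered in the form stops working once rotation runs. Suggest adding a sentence that says so and recommends supplying a service account dedicated to Boundary, so that nothing else depends on the deleted credentials. Two smaller points in the same list: the unchanged **Bucket name** line still says "Name of the AWS bucket" inside the MinIO steps, and the added lines use "**Access key ID** (Required):" while their neighbours use "**Endpoint URL**: (Required)", so the marker placement should be made consistent.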
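Review bot: The CLI steps re-added in enable-session-recording.mdx (hunk `@@ -83,6 +55,33 @@`) keep the typo in "run the following commmand:", and the create example uses `-address 99.12.345.67`, which is not a valid IPv4 address (345 exceeds 255) and otherwise looks like a public address. Suggest fixing the spelling and switching the example to an address from a documentation range such as 192.0.2.0/24, so the command is syntactically valid and cannot point at a real host when copied. The two sentences beginning "Make sure to add the `-enable-session-recording true` flag" are repeated verbatim under both bullets and could be stated once after the list.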