From 97914ae2129d73529852d49fdaefe676fbf26852 Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Mon, 23 Sep 2019 18:01:05 -0700 Subject: [PATCH] docs: clarify security group name comes from tag --- docs/guide/ingress/annotation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guide/ingress/annotation.md b/docs/guide/ingress/annotation.md index e4d7d2a08..e8c21b093 100644 --- a/docs/guide/ingress/annotation.md +++ b/docs/guide/ingress/annotation.md @@ -158,7 +158,7 @@ Access control for LoadBalancer can be controlled with following annotations: When this annotation is not present, the controller will automatically create 2 security groups: the first security group will be attached to the LoadBalancer and allow access from [`inbound-cidrs`](#inbound-cidrs) to the [`listen-ports`](#listen-ports). The second security group will be attached to the EC2 instance(s) and allow all TCP traffic from the first security group created for the LoadBalancer. !!!tip "" - both name or ID of securityGroups are supported. + Both name or ID of securityGroups are supported. Name matches a `Name` tag, not the `groupName` attribute. !!!warning "" The [default limit](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_vpc) of security groups per network interface in AWS is 5. This limit is quickly reached when multiple load balancers are provisioned by the controller without this annotation, therefore it is recommended to set this annotation to a self-managed security group (or request AWS support to increase the number of security groups per network interface for your AWS account). If this annotation is specified, you should also manage the security group used by the EC2 instances to allow inbound traffic from the security group attached to the LoadBalancer.