Commit 3cb255f

Apply suggestions from code review
Co-authored-by: John Gardiner Myers <[email protected]>
1 parent 800cc89 commit 3cb255f

2 files changed

+6
-6
lines changed

docs/deploy/security_groups.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ The AWS Load Balancer Controller classifies security groups into two categories:
44

55
## Frontend Security Groups
66

7-
Frontend security groups control which clients can access the load balancers. The frontend security groups can be configured with the `alb.ingress.kubernetes.io/security-groups` annotation on the Ingress resources or `service.beta.kubernetes.io/aws-load-balancer-security-groups` annotation on the Service resources. If the annotation is not specified, the LBC will create one security group per load balancer, allowing traffic from `inbound-cidrs` to `listen-ports`.
7+
Frontend security groups control which clients can access the load balancers. The frontend security groups can be configured with the `alb.ingress.kubernetes.io/security-groups` annotation on Ingress resources or `service.beta.kubernetes.io/aws-load-balancer-security-groups` annotation on Service resources. If the annotations are not specified, the LBC will create one security group per load balancer, allowing traffic from `inbound-cidrs` to `listen-ports`.
88

99
## Backend Security Groups
1010
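Review bot: In the rewritten line 7, "If the annotations are not specified" now reads as if both annotations must be absent, although each one applies to a different resource type (Ingress or Service). Consider "If the annotation is not specified on the resource, the LBC will create one security group per load balancer". The same sentence also leaves `inbound-cidrs` and `listen-ports` as shorthand without naming or linking the full annotations, and it does not say which source range applies when `inbound-cidrs` is itself unset, which is what decides how open the auto-created group is.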

@@ -25,7 +25,7 @@ You can turn off the shared backend security group feature by setting `--enable-
2525

2626
When the LBC auto-creates the frontend security group for a load balancer, it automatically adds the security group rules to allow traffic from the load balancer to the backend instances/ENIs.
2727

28-
When the frontend security group is specified via the `alb.ingress.kubernetes.io/security-groups` annotation on the Ingress resources or `service.beta.kubernetes.io/aws-load-balancer-security-groups` annotation on the Service resources, the controller by default will not add any security group rules to the backend instances/ENIs. The automatic management of instance/ENI security group can be controlled via the additional annotation `alb.ingress.kubernetes.io/manage-backend-security-group-rules` on the Ingress resource or `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` on the Service resources. When this annotation is set to true the security group rules are automatically managed by the controller. This annotation gets ignored in the case of auto-generated security groups. `--enable-backend-security-group` needs to be true if `alb.ingress.kubernetes.io/manage-backend-security-group-rules` or `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` is specified, otherwise it is an error.
28+
When the frontend security group is specified via the `alb.ingress.kubernetes.io/security-groups` annotation on Ingress resources or `service.beta.kubernetes.io/aws-load-balancer-security-groups` annotation on Service resources, the controller will not by default add any security group rules to the backend instances/ENIs. The automatic management of instance/ENI security group can be controlled via the additional annotation `alb.ingress.kubernetes.io/manage-backend-security-group-rules` on Ingress resources or `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` on Service resources. When these annotations are set to true the security group rules are automatically managed by the controller. These annotations get ignored in the case of auto-generated security groups. `--enable-backend-security-group` needs to be true if either `alb.ingress.kubernetes.io/manage-backend-security-group-rules` or `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` are specified, otherwise it is an error.
2929

3030
### Port Range Restrictions for Backend Security Group Rules
3131
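Review bot: The last sentence of the new line 28 changes "is specified" to "if either ... or ... are specified"; with "either/or" the verb should stay singular ("is specified"). Earlier in the same line, "The automatic management of instance/ENI security group" is still missing its noun and should read "security group rules", matching the annotation name it introduces. Since a given Ingress or Service carries only one of the two annotations, "When this annotation is set to true" on the relevant resource would also be more precise than the new plural.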

docs/guide/service/annotations.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -452,17 +452,17 @@ Load balancer access can be controlled via following annotations:
452452
```
453453
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
454454
```
455-
- <a name="security-groups">`service.beta.kubernetes.io/aws-load-balancer-security-groups`</a> specifies the frontend securityGroups you want to attach to NLB.
455+
- <a name="security-groups">`service.beta.kubernetes.io/aws-load-balancer-security-groups`</a> specifies the frontend securityGroups you want to attach to an NLB.
456456

457457
!!!note ""
458458
When this annotation is not present, the controller will automatically create one security group. The security group will be attached to the LoadBalancer and allow access from `inbound-cidrs` to the `listen-ports`.
459-
Also, the securityGroups for instance/ENI will be modified to allow inbound traffic from this securityGroup.
459+
Also, the securityGroups for target instances/ENIs will be modified to allow inbound traffic from this securityGroup.
460460

461461
!!!note ""
462-
If you specify this annotation, you need to configure the security groups on your instance/ENI to allow inbound traffic from the load balancer. You could also set the [`manage-backend-security-group-rules`](#manage-backend-sg-rules) if you want the controller to manage the access rules.
462+
If you specify this annotation, you need to configure the security groups on your target instances/ENIs to allow inbound traffic from the load balancer. You could also set the [`manage-backend-security-group-rules`](#manage-backend-sg-rules) if you want the controller to manage the security group rules.
463463

464464
!!!tip ""
465-
Both name or ID of securityGroups are supported. Name matches a `Name` tag, not the `groupName` attribute.
465+
Both name and ID of securityGroups are supported. Name matches a `Name` tag, not the `groupName` attribute.
466466

467467
!!!example
468468
```
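Review bot: The note at new line 462 points readers to `manage-backend-security-group-rules` without the precondition that docs/deploy/security_groups.md states in this same commit: `--enable-backend-security-group` needs to be true, otherwise it is an error. Add that requirement here so someone who only reads the annotation reference does not hit the error. The touched lines 455, 459 and 465 also keep the camelCase "securityGroups" in running prose while lines 458 and 462 say "security group" and "security groups"; since these lines are being edited anyway, settle on one form.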
