diff --git a/docs/guide/service/annotations.md b/docs/guide/service/annotations.md index aa01011b7..b162aec20 100644 --- a/docs/guide/service/annotations.md +++ b/docs/guide/service/annotations.md @@ -49,7 +49,7 @@ | [service.beta.kubernetes.io/aws-load-balancer-target-node-labels](#target-node-labels) | stringMap | | | | [service.beta.kubernetes.io/aws-load-balancer-attributes](#load-balancer-attributes) | stringMap | | | | [service.beta.kubernetes.io/aws-load-balancer-security-groups](#security-groups) | stringList | | | -| [service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules](#manage-backend-sg-rules) | boolean | true | | +| [service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules](#manage-backend-sg-rules) | boolean | true | If `service.beta.kubernetes.io/aws-load-balancer-security-groups` is specified, this must also be explicitly specified otherwise it defaults to `false`. | | [service.beta.kubernetes.io/aws-load-balancer-inbound-sg-rules-on-private-link-traffic](#update-security-settings) | string | | ## Traffic Routing @@ -482,7 +482,7 @@ Load balancer access can be controlled via following annotations: - `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` specifies whether the controller should automatically add the ingress rules to the instance/ENI security group. !!!warning "" - If you disable the automatic management of security group rules for an NLB, you will need to manually add appropriate ingress rules to your EC2 instance or ENI security groups to allow access to the traffic and health check ports. + If you disable the automatic management of security group rules for an NLB (e.g.: by setting `service.beta.kubernetes.io/aws-load-balancer-security-groups`), you will need to manually add appropriate ingress rules to your EC2 instance or ENI security groups to allow access to the traffic and health check ports. !!!example ```