From 60bb639442bc4516971ba82f4d7944e86949a009 Mon Sep 17 00:00:00 2001
From: shraddha bang <shrabang@amazon.com>
Date: Mon, 17 Feb 2025 12:41:37 -0800
Subject: [PATCH] Fix docs for source ranges for internal NLB

---
 docs/guide/service/annotations.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/guide/service/annotations.md b/docs/guide/service/annotations.md
index 702107e78..a9d01de4d 100644
--- a/docs/guide/service/annotations.md
+++ b/docs/guide/service/annotations.md
@@ -498,12 +498,12 @@ Load balancer access can be controlled via following annotations:
 - <a name="lb-source-ranges">`service.beta.kubernetes.io/load-balancer-source-ranges`</a> specifies the CIDRs that are allowed to access the NLB.
 
     !!!tip
-        we recommend specifying CIDRs in the service `spec.loadBalancerSourceRanges` instead
+        - We recommend specifying CIDRs in the service `spec.loadBalancerSourceRanges` instead
+        - For enhanced security with `internal` network load balancers, we recommend limiting access by specifying allowed source IP ranges.  This can be done using either the `service.beta.kubernetes.io/load-balancer-source-ranges` annotation or the `spec.loadBalancerSourceRanges` field.
 
     !!!note "Default"
         - `0.0.0.0/0` will be used if the IPAddressType is "ipv4"
         - `0.0.0.0/0` and `::/0` will be used if the IPAddressType is "dualstack"
-        - The VPC CIDR will be used if `service.beta.kubernetes.io/aws-load-balancer-scheme` is `internal`
 
     !!!warning ""
         This annotation will be ignored in case preserve client IP is not enabled.