Commit 8bc23d4

Update vpc-interface-endpoints.adoc
1 parent 6079d42 commit 8bc23d4

1 file changed

+2
-2
lines changed

latest/ug/security/vpc-interface-endpoints.adoc

Lines changed: 2 additions & 2 deletions
@@ -23,7 +23,7 @@ For more information, see link:vpc/latest/privatelink/privatelink-access-aws-ser
2323
* Amazon EKS supports making calls to all of its API actions through the interface endpoint, but not to the [.noloc]`Kubernetes` APIs. The [.noloc]`Kubernetes` API server already supports a <<cluster-endpoint,private endpoint>>. The [.noloc]`Kubernetes` API server private endpoint creates a private endpoint for the [.noloc]`Kubernetes` API server that you use to communicate with your cluster (using [.noloc]`Kubernetes` management tools such as `kubectl`). You can enable <<private-clusters,private access>> to the [.noloc]`Kubernetes` API server so that all communication between your nodes and the API server stays within your VPC. {aws} PrivateLink for the Amazon EKS API helps you call the Amazon EKS APIs from your VPC without exposing traffic to the public internet.
2424
* You can't configure Amazon EKS to only be accessed through an interface endpoint.
2525
* Standard pricing for {aws} PrivateLink applies for interface endpoints for Amazon EKS. You are billed for every hour that an interface endpoint is provisioned in each Availability Zone and for data processed through the interface endpoint. For more information, see link:privatelink/pricing/[{aws} PrivateLink pricing,type="marketing"].
26-
* VPC endpoint policies are not supported for Amazon EKS. By default, full access to Amazon EKS is allowed through the interface endpoint. Alternatively, you can associate a security group with the endpoint network interfaces to control traffic to Amazon EKS through the interface endpoint.
26+
* VPC endpoint policies are supported for Amazon EKS. You can use these policies to control access to Amazon EKS through the interface endpoint. Additionally, you can associate a security group with the endpoint network interfaces to control traffic to Amazon EKS through the interface endpoint.
2727
* You can use VPC flow logs to capture information about IP traffic going to and from network interfaces, including interface endpoints. You can publish flow log data to Amazon CloudWatch or Amazon S3. For more information, see link:vpc/latest/userguide/flow-logs.html[Logging IP traffic using VPC Flow Logs,type="documentation"] in the Amazon VPC User Guide.
2828
* You can access the Amazon EKS APIs from an on-premises data center by connecting it to a VPC that has an interface endpoint. You can use {aws} Direct Connect or {aws} Site-to-Site VPN to connect your on-premises sites to a VPC.
2929
* You can connect other VPCs to the VPC with an interface endpoint using an {aws} Transit Gateway or VPC peering. VPC peering is a networking connection between two VPCs. You can establish a VPC peering connection between your VPCs, or with a VPC in another account. The VPCs can be in different {aws} Regions. Traffic between peered VPCs stays on the {aws} network. The traffic doesn't traverse the public internet. A Transit Gateway is a network transit hub that you can use to interconnect VPCs. Traffic between a VPC and a Transit Gateway remains on the {aws} global private network. The traffic isn't exposed to the public internet.
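Review bot: The rewritten bullet at line 26 drops the sentence "By default, full access to Amazon EKS is allowed through the interface endpoint" without replacing it, so a reader can no longer tell what access applies when no endpoint policy is attached. Suggest stating the default explicitly and linking to the endpoint policy documentation, the way the neighbouring bullets link out for pricing and flow logs. Because the bullet at line 24 says Amazon EKS can't be configured to only be accessed through an interface endpoint, it would also help to say here that the policy governs only requests that arrive through the endpoint.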
@@ -60,4 +60,4 @@ However, To use the dual-stack endpoints with the {aws} CLI, see the link:sdkref
6060
* Any call made to the Amazon EKS default service endpoint is automatically routed through the interface endpoint over the private {aws} network.
6161
6262
63-
📝 https://github.com/search?q=repo%3Aawsdocs%2Famazon-eks-user-guide+%5B%23vpc-interface-endpoints%5D&type=code[Edit this page on GitHub]
63+
📝 https://github.com/search?q=repo%3Aawsdocs%2Famazon-eks-user-guide+%5B%23vpc-interface-endpoints%5D&type=code[Edit this page on GitHub]
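Review bot: The removed and added lines at 63 read the same as shown here, so this hunk looks like a whitespace or end-of-file newline change that is unrelated to the endpoint policy wording. Suggest confirming it is intentional and noting it in the commit message, or dropping it from this commit so the diff carries only the documentation change.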
