Minor edits

cahofmeyr · cahofmeyr · commit 237048805687 · 2025-01-23T07:05:43.000-07:00
diff --git a/installation/database-setup/private-endpoints.mdx b/installation/database-setup/private-endpoints.mdx
@@ -6,7 +6,7 @@ title: "Private Endpoints"
 
 To avoid exposing a database in AWS to the public internet, AWS Private Endpoints ([AWS PrivateLink](https://aws.amazon.com/privatelink/)) are an option that provides private networking between the source database and the PowerSync Service. Private Endpoints are currently available on our [Team and Enterprise plans](https://www.powersync.com/pricing).
 
-We use Private Endpoints instead of VPC Peering, to ensure that no other resources are exposed between the VPCs.
+We use Private Endpoints instead of VPC peering, to ensure that no other resources are exposed between the VPCs.
 
 <Warning>
 Do not rely on Private Endpoints as the only form of security. Always use strong database passwords, and use client certificates if additional security is required.
@@ -17,23 +17,23 @@ Do not rely on Private Endpoints as the only form of security. Always use strong
 1. Private Endpoints are currently only supported for Postgres and MongoDB instances. [Contact us](/resources/contact-us) if you need this for MySQL.
 2. Self-service is not yet available on the PowerSync side - contact PowerSync support to configure the instance.
 3. Only AWS is supported currently, other cloud providers are not supported yet.
-4. "Test Connection" on the dashboard is not supported yet - the instance has to be deployed to test the connection.
+4. "Test Connection" on the [PowerSync Dashboard](/usage/tools/powersync-dashboard) is not supported yet - the instance has to be deployed to test the connection.
 
 ## Concepts
 
-* AWS PrivateLink is the overarching feature on AWS.
+* [AWS PrivateLink](https://aws.amazon.com/privatelink/) is the overarching feature on AWS.
 
-* VPC/Private Endpoint Service is the service that exposes the database, and lives in the same VPC as the source database. It provides a one-way connection to the database without exposing other resources in the VPC..
+* VPC/Private Endpoint Service is the service that exposes the database, and lives in the same VPC as the source database. It provides a one-way connection to the database without exposing other resources in the VPC.
 
-  * Endpoint Service Name is a unique identifier for this Endpoint Service.
+  * _Endpoint Service Name_ is a unique identifier for this Endpoint Service.
   * Each Endpoint Service may have multiple Private Endpoints in different VPCs.
 
 * VPC/Private Endpoint is the endpoint in the PowerSync VPC. This is what the PowerSync instance connects to.
 
 For custom Endpoint Services for Postgres:
 * Network Load Balancer (NLB) is a load balancer that exposes the source database to the Endpoint Service.
-  * Target Group specifies the IPs and ports for the Network Load Balancer to expose.
-  * Listener for the Network Load Balancer is what describes the incoming port on the Network Load Balancer (the port that the PowerSync instance connects to).
+  * _Target Group_ specifies the IPs and ports for the Network Load Balancer to expose.
+  * _Listener_ for the Network Load Balancer is what describes the incoming port on the Network Load Balancer (the port that the PowerSync instance connects to).
 
 ## Private Endpoint Setup
 
@@ -48,7 +48,7 @@ Limitations:
 
 ### 1. Configure the Endpoint Service
 
-1. In the Atlas project dashboard, go to Network Access -> Private Endpoint -> Dedicated Cluster.
+1. In the Atlas project dashboard, go to Network Access → Private Endpoint → Dedicated Cluster.
 2. Select "Add Private Endpoint".
 3. Select AWS and the relevant AWS region.
 4. Wait for the Endpoint Service to be created.
@@ -83,7 +83,7 @@ We will then configure the instance to use the Endpoint Service for the database
 On the Atlas Private Endpoint Configuration, in the final step, specify the VPC Endpoint ID from above.
 If you have already closed the dialog, go through the process of creating a Private Endpoint again. It should have the same Endpoint Service Name as before.
 
-Check that the Endpoint Status changes to Available.
+Check that the Endpoint Status changes to _Available_.
 
 ### 5. Deploy
 
@@ -98,23 +98,23 @@ Verify the connection details, and deploy the instance. Monitor the logs to ensu
 
 To configure a Private Endpoint Service, a network load balancer is required to forward traffic to the database.
 
-This can be used with a Postgres database running on an EC2 instance, or a RDS instance.
+This can be used with a Postgres database running on an EC2 instance, or an RDS instance.
 
-For AWS RDS, the guide below does not handle dynamic IPs if the RDS instance's IP changes. This needs additional work to automatically update the IP - see this [AWS blog post](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/) on the topic. This is specifically relevant if using a RDS cluster with failover support.
+For AWS RDS, the guide below does not handle dynamic IPs if the RDS instance's IP changes. This needs additional work to automatically update the IP - see this [AWS blog post](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/) on the topic. This is specifically relevant if using an RDS cluster with failover support.
 
 Use the following steps to configure the Endpoint Service:
 
 ### 1. Create a Target Group
 
 1. Obtain the RDS Instance's private IP address. Make sure this points to a writable instance.
-2. Create a Target Group with IP addresses as target type, using the IP address from above. Use TCP protocol, and specify the database port (typically 5432 for Postgres).
+2. Create a Target Group with IP addresses as target type, using the IP address from above. Use TCP protocol, and specify the database port (typically `5432` for Postgres).
 3. Note: The IP address of your RDS instance may change over time. To maintain a consistent connection, consider implementing automation to monitor and update the target group's IP address as needed. See the [AWS blog post](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/) on the topic.
 
 ### 2. Create a Network Load Balancer (NLB)
 
 1. Select the same VPC as your RDS instance.
 2. Choose at least two subnets in different availability zones.
-3. Configure a TCP listener and pick a port (for example 5432 again).
+3. Configure a TCP listener and pick a port (for example `5432` again).
 4. Associate the listener with the target group created earlier.
 
 ### 3. Modify the security group
diff --git a/resources/security.mdx b/resources/security.mdx
@@ -17,6 +17,8 @@ At PowerSync, we take security very seriously and everything we do is designed t
 
 See [Private Endpoints](/installation/database-setup/private-endpoints) for using a private network to your database using AWS PrivateLink.
 
+We use Private Endpoints instead of VPC peering, to ensure that no other resources are exposed between VPCs.
+
 
 ### Client-Side Security
 
