Add note about VPC details (github#567)

Loquacity · jacobprall · emizero · web-flow · commit d40528230062 · 2021-11-01T11:05:59.000-05:00
* Add note about VPC details

* Apply suggestions from code review

Co-authored-by: emizero &lt;83252792+emizero@users.noreply.github.com&gt;
Co-authored-by: Jacob Prall &lt;prall.jacob@gmail.com&gt;

* Apply suggestions from code review

* Update mst/vpc-peering.md

Co-authored-by: emizero &lt;83252792+emizero@users.noreply.github.com&gt;

Co-authored-by: Jacob Prall &lt;prall.jacob@gmail.com&gt;
Co-authored-by: emizero &lt;83252792+emizero@users.noreply.github.com&gt;
diff --git a/mst/vpc-peering.md b/mst/vpc-peering.md
@@ -1,20 +1,19 @@
 # VPC peering
-
-Virtual Private Cloud (VPC) peering is a method of connecting separate AWS or
-Google Cloud private networks to each other. It makes it possible for the virtual
-machines in the different VPC's to talk to each other directly without going
-through the public internet.
+Virtual Private Cloud (VPC) peering is a method of connecting separate
+Cloud private networks to each other. It makes it possible for the
+virtual machines in the different VPC's to talk to each other directly without
+going through the public internet. VPC peering is limited to VPCs that share the same Cloud provider.
 
 VPC peering setup is a per project and per region setting. This means that all
 services created and running utilize the same VPC peering connection. If needed,
 you can have multiple projects that peer with different connections.
 
 <highlight type="tip">
 Services are only accessible via your VPC's internal network, they are not
-accessible from the public internet TLS certificates for VPC peered services
-are signed by the Timescale project CA and cannot be validated against a public
-CA (Let's Encrypt) You can choose service-by-service whether you want to run on
-VPC peered network or on public internet.
+accessible from the public internet.  TLS certificates for VPC peered services are
+signed by the Timescale project CA and cannot be validated against a public CA
+(Let's Encrypt). You can choose service-by-service whether you want to run on VPC
+peered network or on public internet.
 </highlight>
 
 ## Setting it up
@@ -26,21 +25,27 @@ in a VPC or not: The list of cloud providers and regions contains options like
 "Belgium - Google Cloud: Belgium" and "Belgium - Google Cloud: Belgium - Project
 VPC". Here selecting the former would create the service to non-VPC environment
 while the latter would place the service within the VPC. The same functionality
-is available with the "Migrate" feature, allowing moving a service to / from a VPC.
+is available with the "Migrate" feature, allowing moving a service to and from a
+VPC.
 
 The IP Range should be chosen so that it doesn't overlap with any networks you
 wish to peer. For example, if your own networks use the 10.0.0.0/8 range,
 selecting 192.168.0.0/24 for your Timescale project VPC makes it possible to
 peer the networks.
 
 Peering connections can be requested with the VPC request, or added later. Note
-however that the VPC is not accessible until at least one connection has been created.
+however that the VPC is not accessible until at least one connection has been
+created.
 
 After the request has been submitted VPC peering will be automatically set up by
-Manage Service for TimescaleDB, and the status is updated in the web console's VPC view together
-with instructions for starting peering with our network. Note that you'll need
-to accept a VPC peering connection request (AWS) or create a corresponding
-peering from your project to Manage Service for TimescaleDB's (Google) before Manage Service for TimescaleDB's
-backend can notice the peering is ready and traffic can be routed through it.
-After setting up your side, the VPC peering will activate shortly on the Timescale
-Cloud console.
+Managed Service for TimescaleDB, and the status is updated in the web console's
+VPC view together with instructions for starting peering with our network. Note
+that you'll need to accept a VPC peering connection request (AWS) or create a
+corresponding peering from your project to Managed Service for TimescaleDB's
+(Google) before Managed Service for TimescaleDB's backend can notice the peering
+is ready and traffic can be routed through it. After setting up your side, the
+VPC peering will activate shortly on the Managed Service for TimescaleDB console.
+
+When you have submitted a VPC peering request, you can find cloud-specific
+identification details for your VPC by hovering your mouse over the `pending
+peer` status message of the peering request. The details show in a popup dialog.
