Merge branch 'master' into rc-packaging

content/embeds/rc-vpc-peering-cidr-list.md

@@ -0,0 +1 @@
+If you've enabled the database's [CIDR allow list]({{< relref "/rc/security/cidr-whitelist" >}}), you must also [add the VPC peered IP addresses to the CIDR allow list]({{< relref "/rc/security/cidr-whitelist#define-cidr-allow-list" >}}) to connect to the database via the private endpoint.

content/rc/security/aws-transit-gateway.md

@@ -156,4 +156,8 @@ To finish Transit gateway setup, [update your route tables for the peering conne
 
 After Transit gateway is established, we recommend switching your application connection string to the private endpoint.
 
+{{< note >}}
+If you've enabled the database's [CIDR allow list]({{< relref "/rc/security/cidr-whitelist" >}}), you must also [add the Transit Gateway's IP address to the CIDR allow list]({{< relref "/rc/security/cidr-whitelist#define-cidr-allow-list" >}}) to connect to the database via the private endpoint.
+{{< /note >}}
+
 

content/rc/security/cidr-whitelist.md

@@ -14,21 +14,19 @@ The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) [allow
 
 You can configure your database's CIDR allow list to restrict client connections to a specific range of IP addresses.
 
-
 {{< note >}}
 To use the CDIR allow list, you must be on either paid Redis Cloud Essentials or on Redis Cloud Pro.  This feature is not supported on free Redis Cloud Essentials plans.
 {{< /note >}}
 
-
 ### Define CIDR allow list
 
 To define the CIDR allow list for a database:
 
 1. Select **Databases** from the [Redis Cloud console](https://app.redislabs.com/) menu and then select your database from the list.
 
-1. From the database's **Configuration** screen, select the **Edit database** button:
+1. From the database's **Configuration** screen, select the **Edit database** button.
 
-1. In the **Security** section, turn on the **CIDR allow list** toggle:
+1. In the **Security** section, turn on the **CIDR allow list** toggle.
 
 1. Enter the first IP address (in CIDR format) you want to allow in the text box and then select the check mark to add it to the allow list:
 
@@ -44,6 +42,10 @@ To define the CIDR allow list for a database:
 
 1. Select **Save database** to apply your changes.
 
+{{< note >}}
+The database CIDR allow list applies to both the public endpoint and the private endpoint. If you use connectivity options such as [VPC Peering]({{< relref "/rc/security/vpc-peering" >}}) and [Transit Gateway]({{<relref "/rc/security/aws-transit-gateway">}}) to connect to your database via the private endpoint, you must also add those IPs to your database's CIDR allow list.
+{{< /note >}}
+
 ## Subscription allow list
 
 If you use a [self-managed, external cloud account]({{<relref "/rc/cloud-integrations">}}) to host your Redis Cloud deployment, you can configure a subscription-wide allow list

content/rc/security/vpc-peering.md

@@ -87,6 +87,10 @@ To finish VPC peering setup, [update your route tables for the peering connectio
 
 Once VPC peering is established, we recommend switching your application connection string to the private endpoint.
 
+{{< note >}}
+{{< embed-md "rc-vpc-peering-cidr-list.md"  >}}
+{{< /note >}}
+
 ## Google Cloud VPC peering {#gcp-vpc-peering}
 
 If you want to peer a Redis Cloud VPC with a Google Cloud VPC, you need to:
@@ -126,3 +130,7 @@ To set up VPC peering:
 To approve the VPC peering request between Redis Cloud and Google Cloud, use the [`gcloud` CLI](https://cloud.google.com/sdk/gcloud) to run the **Google cloud command** that you copied before you initiated VPC peering.
 
 Once VPC peering is established, we recommend switching your application connection string to the private endpoint.
+
+{{< note >}}
+{{< embed-md "rc-vpc-peering-cidr-list.md"  >}}
+{{< /note >}}