Commit

Minor Change
Zijun Wang committed Jun 11, 2024
1 parent b144147 commit 266d4a9
Showing 2 changed files with 14 additions and 18 deletions.
6 changes: 3 additions & 3 deletions docs/api-types/target-group-policy.md
Expand Up @@ -4,7 +4,7 @@

By default, AWS Gateway API Controller assumes plaintext HTTP/1 traffic for backend Kubernetes resources.
TargetGroupPolicy is a CRD that can be attached to Service or ServiceExport, which allows the users to define protocol, protocol version and
health check configurations of those backend resources.
health check configurations of those backend resources.

When attaching a policy to a resource, the following restrictions apply:

Expand All @@ -28,9 +28,9 @@ However, the policy will not take effect unless the target is valid.

### Limitations and Considerations

- Attaching TargetGroupPolicy to a Service that is already referenced by a route will result in a replacement
- Attaching TargetGroupPolicy to an existing Service that is already referenced by a route will result in a replacement
of VPC Lattice TargetGroup resource, except for health check updates.
- Attaching TargetGroupPolicy to a ServiceExport will result in a replacement of VPC Lattice TargetGroup resource, except for health check updates.
- Attaching TargetGroupPolicy to an existing ServiceExport will result in a replacement of VPC Lattice TargetGroup resource, except for health check updates.
- Removing TargetGroupPolicy of a resource will roll back protocol configuration to default setting. (HTTP1/HTTP plaintext)

## Example Configuration
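
Review bot: In the ServiceExport bullet, "an existing ServiceExport" leaves the triggering condition undefined, while the Service bullet already qualifies it with "that is already referenced by a route", which makes "existing" redundant there. State the condition for ServiceExport explicitly, or drop "existing" from the Service bullet so the two read consistently. In the unchanged last bullet, "HTTP1/HTTP plaintext" should match the "HTTP/1" spelling used in the introduction, and since removing the policy reverts any non-default protocol set through it to plaintext HTTP, that bullet is worth calling out more prominently than a parenthetical.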
26 changes: 11 additions & 15 deletions docs/api-types/tls-route.md
Expand Up @@ -5,20 +5,12 @@
With integration of the Gateway API, AWS Gateway API Controller supports `TLSRoute`.
This allows you to define and manage end-to-end TLS encrypted traffic routing to your Kubernetes clusters.

### TLSRoute Key Features & Limitations

**Features**:

- **Routing Traffic**: Enables routing end-to-end TLS encrypted traffic from your client workload to server workload.


**Limitations**:

- **Listener Protocol**: The `TLSRoute` sectionName must refer to an TLS protocol listener with mode: Passthrough in the parent `Gateway`.
### Considerations

- `TLSRoute` sectionName must refer to an TLS protocol listener with mode: Passthrough in the parentRef `Gateway`.
- `TLSRoute` only supports to have one rule.
- `TLSRoute` don't support `matches` field in the rule.
- The `hostnames` field with exactly one host name is required. This domain name is used as a vpc lattice's Service Name Indication (SNI) match.
- `TLSRoute` don't support any rule matching condition.
- The `hostnames` field with exactly one host name is required. This domain name is used as a vpc lattice's Service Name Indication (SNI) match to route the traffic to the correct backend service.


## Example Configuration
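
Review bot: The reworded `hostnames` bullet expands SNI as "Service Name Indication"; the TLS extension is Server Name Indication, and "a vpc lattice's" should read "the VPC Lattice". The other bullets under "### Considerations" carry grammar slips worth fixing in the same pass: "an TLS protocol listener" should be "a TLS protocol listener", "only supports to have one rule" should be "supports only one rule", and "`TLSRoute` don't support" should be "`TLSRoute` does not support". The sectionName bullet would also read more clearly with `mode: Passthrough` in code formatting, like the other field names.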
Expand Down Expand Up @@ -57,6 +49,10 @@ In this example:
- The `TLSRoute` is configured to route traffic to a k8s service named `nginx-tls` on port 443.
- The `hostnames` field is set to `nginx-test.my-test.com`. The customer must use this domain name to send traffic to the nginx service.

This `TLSRoute` documentation provides a detailed introduction, feature set, and a basic example of how to configure
and use the resource within AWS Gateway API Controller project. For in-depth details and specifications, you can refer to the
official [Gateway API documentation](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute).

For the detailed tls passthrough traffic connectivity setup, please refer the user guide [here](../guides/tls-passthrough.md).

For the detailed Gateway API `TLSRoute` resource specifications, you can refer to the
Kubernetes official [documentation](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute).

For the VPC Lattice tls passthrough Listener configuration details, you can refer to the VPC Lattice [documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/tls-listeners.html).
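
Review bot: In the three reference sentences that close the page, "please refer the user guide" is missing "to", and "tls passthrough" is lowercase in two of them while the rest of the page writes "TLS". The link texts "here" and "documentation" say nothing about their targets; use descriptive text such as "TLS passthrough user guide" and "VPC Lattice TLS listeners documentation". The Gateway API link is described as the Kubernetes official documentation but still points at the `v1alpha2.TLSRoute` anchor, so it is worth stating the API version in the sentence so readers know which spec revision the page was written against.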
