diff --git a/security_groups.tf b/security_groups.tf
index 6683944..f19e47a 100644
--- a/security_groups.tf
+++ b/security_groups.tf
@@ -50,15 +50,11 @@ resource "aws_security_group" "additional_eks_cluster_sg" {
 aws_security_group.all_worker_mgmt.id,
 ]
 }
- # this grants in-VPC access to the K8S api
- # updated to get all census private cidrs to get on-prem, as we are now sending the interface traffic over
- # a private IP only (disabling public access). This is to reach a cluster api from another account and VPC
- # so we open all the cloud accounts too
+
 ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- # cidr_blocks = [ var.vpc_cidr_block ]
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
 cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"])
 }
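Review bot: The ingress rule keeps the `10.0.0.0/8` allowance on the Kubernetes API port (443) while the commit deletes the four comment lines that explained why the rule was widened beyond the VPC CIDR, so a reader of the new side sees an entire RFC 1918 /8 opened to the cluster API with no stated reason. The earlier, now commented-out `cidr_blocks = [ var.vpc_cidr_block ]` shows the rule was originally VPC-scoped; the cross-account/cross-VPC justification should survive as a comment rather than vanish, and the range should ideally be narrowed to the specific peer VPC CIDRs (a list variable alongside `var.census_private_cidr`) instead of the whole /8. I would restore the rationale above the block, `# cross-account/VPC reach to the private API endpoint; 10.0.0.0/8 is broader than needed — TODO: narrow to the peered VPC CIDRs`, and add `description = "K8s API (443) from census private CIDRs and peered VPCs"` inside the ingress block so the intent also shows up in the console and in audit output. The enclosing `aws_security_group.additional_eks_cluster_sg` resource begins before this hunk, and the hunk header's line counts suggest one context line (likely blank) was lost in the collapsed rendering above.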