making big edits

Mark Bishop
2018-10-19 14:00:04 -07:00
parent c4f6e91694
commit fe98b045c6
@@ -48,19 +48,79 @@ Use {{< product >}} to set up and configure your Kubernetes cluster.
4. {{< step_create-cluster_member-roles >}}
5. Enter your **Access Key**.
1. Configure **Account Access** for the EKS cluster. Complete each drop-down and field.
6. Enter your **Secret Key**
| Setting | Description |
| ---------- | -------------------------------------------------------------------------------------------------------------------- |
| Region | From the drop-down choose the geographical region in which to build your cluster. |
| Access Key | Enter the access key that you created in [2. Create Access Key and Secret Key](#2-create-access-key-and-secret-key). |
| Secret Key | Enter the secret key that you created in [2. Create Access Key and Secret Key](#2-create-access-key-and-secret-key). |
1. Click **Next: Select Service Role**. Then choose a service role.
7. Click **Next: Authenticate & configure nodes**.
Service Role | Description
-------------|---------------------------
Standard: Rancher generated service role | placeholder
Custom: Choose from your existing service roles | placeholder
8. Specify any additional options (such as instance type or minimum and maximum number of nodes). Then click **Create**.
1. Click **Next: Select VPC and Subnet**.
1. Choose an option for **Public IP for Worker Nodes**. Your selection for this option determines what options are available for **VPC & Subnet**.
Option | Description
-------|------------
Yes | When your cluster nodes are provisioned, they're assigned a both a private and public IP address.
No: Private IPs only | When your cluster nodes are provisioned, they're assigned only a private IP address.<br/><br/>If you choose this option, you must also choose a **VPC & Subnet** that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane.
1. Now choose a **VPC & Subnet**. Follow one of the sets of instructions below based on your selection from the previous step.
{{% accordion id="yes" label="Public IP for Worker Nodes—Yes" %}}
If you choose to assign a public IP address to your cluster's worker nodes, you have the option of choosing between a VPC that's automatically generated by Rancher (i.e., **Standard: Rancher generated VPC and Subnet**), or a VPC that you're already created with AWS (i.e., **Custom: Choose from your existing VPC and Subnets**). Choose the option that best fits your use case.
1. Choose a **VPC and Subnet** option.
Option | Description
-------|------------
Standard: Rancher generated VPC and Subnet | While provisioning your cluster, Rancher generates a new VPC and Subnet.
Custom: Choose from your exiting VPC and Subnets | While provisioning your cluster, Rancher configures your nodes to use a VPC and Subnet that you've already created in AWS. If you choose this option, complete the remaining steps below.
1. If you're using **Custom: Choose from your existing VPC and Subnets**:
(If you're using **Standard**, skip to [step 10](#security-group))
1. Make sure **Custom: Choose from your existing VPC and Subnets** is selected.
1. From the drop-down that displays, choose a VPC.
1. Click **Next: Select Subnets**. Then choose one of the **Subnets** that displays.
1. Click **Next: Select Security Group**.
{{% /accordion %}}
{{% accordion id="no" label="Public IP for Worker Nodes—No: Private IPs only" %}}
If you chose this option, you must also choose a **VPC & Subnet** that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane. Follow the steps below.
>**Tip:** When using only private IP addresses, you can provide your nodes internet access by creating a VPC constructed with two subnets, a private set and a public set. The private set should have its route tables configured to point toward a NAT in the public set. For more information on routing traffic from private subnets, please see the [official AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html).
1. From the drop-down that displays, choose a VPC.
1. Click **Next: Select Subnets**. Then choose one of the **Subnets** that displays.
1. Click **Next: Select Security Group**.
{{% /accordion %}}
1. <a id="security-group"></a>Choose a **Security Group**.
1. Click **Select Instance Options**, and then edit the node options available.
Option | Description
-------|------------
Instance Type | placeholder
Custom AMI Override | placeholder
Minimum ASG Size | placeholder
Maximum ASG Size | placeholder
1. Click **Create**.
{{< result_create-cluster >}}
# Note on Public IP for Worker Notes
If you specify `Public IP for Worker Nodes` as `false`, you must also specify a VPC with subnets that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane.
One possible configuration solution is a VPC constructed with two subnets, a private set and a public set. The private set should have its route tables configured to point toward a NAT in the public set. For more information on routing traffic from private subnets, please see the [official AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html).
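Review bot: The Service Role table and the Instance Options table carry "placeholder" as the description in every row (both service role choices, Instance Type, Custom AMI Override, Minimum ASG Size, Maximum ASG Size), so a reader choosing between the Rancher generated service role and an existing one is told nothing about what each choice means; write these descriptions before merging, or leave the tables out until the text exists. The security group step is likewise a bare "Choose a **Security Group**" with no description, even though the "Yes" option a few steps earlier assigns every worker node a public IP address; that step should say what the choices are and what access they allow. The cross-reference "skip to [step 10](#security-group)" hard-codes a step number while the steps in this list are numbered `1.`, so it will go stale when a step is added or removed; link by the step's name instead. Wording fixes in the same hunk: "assigned a both a private and public IP address" has a stray "a", "a VPC that you're already created" should read "you've", "Choose from your exiting VPC and Subnets" should read "existing" (the option is spelled correctly in the steps below it), and the heading "Note on Public IP for Worker Notes" should end in "Nodes". If that closing section is meant to remain, it repeats the private subnet and NAT guidance already given in the tip inside the "No: Private IPs only" accordion; keep one copy and link to it from the other place.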