diff --git a/04-path-security-and-networking/402-authentication-and-authorization/templates/kube2iam-ds.yaml b/04-path-security-and-networking/402-authentication-and-authorization/templates/kube2iam-ds.yaml
index aba9bce7..074d8cba 100644
--- a/04-path-security-and-networking/402-authentication-and-authorization/templates/kube2iam-ds.yaml
+++ b/04-path-security-and-networking/402-authentication-and-authorization/templates/kube2iam-ds.yaml
@@ -19,6 +19,8 @@ spec:
           name: kube2iam
           args:
             - "--auto-discover-base-arn"
+           # Set the host network interface to 'eni+' in the case of using 
+           # amazon-vpc-cni-k8s (see https://github.com/jtblin/kube2iam#iptables)
             - "--host-interface=cbr0"
             - "--host-ip=$(HOST_IP)"
             - "--iptables=true"