From acecfc40338f77164f224cec0a4321e462ccf9b8 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Tue, 13 Dec 2022 11:03:41 +0100 Subject: [PATCH] debugd: document AWS IAM needed for log collection Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- debugd/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debugd/README.md b/debugd/README.md index 5b8cf8b3c..64244528c 100644 --- a/debugd/README.md +++ b/debugd/README.md @@ -58,6 +58,8 @@ You can enable the logcollection of debugd to send logs to Opensearch. On Azure, ensure your user assigned identity has the `Key Vault Secrets User` role assigned on the key vault `opensearch-creds`. +On AWS, attach the `SecretManagerE2E` policy to your control-plane and worker node role. + When deploying with cdbg, enable by setting the `logcollect=true` and your name `logcollect.admin=yourname`. ```shell-session
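Review bot: the added AWS sentence in debugd/README.md names the `SecretManagerE2E` policy but, unlike the Azure sentence just above it, does not say which secret the policy gives access to or what kind of access it grants. The Azure line states both the role (`Key Vault Secrets User`) and the resource (`opensearch-creds`); please do the same here, so a reader attaching the policy to node roles can confirm it is limited to reading the Opensearch credentials. The policy name also suggests it was created for e2e testing, so it is worth stating whether it covers anything beyond what log collection needs, and that it is only required when debugd log collection is enabled. Minor wording: "control-plane and worker node role" should read "roles" if these are two separate roles.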