diff --git a/lib/modules/datasource/aws-machine-image/readme.md b/lib/modules/datasource/aws-machine-image/readme.md
index 14f8317f66bc15b88b01693da410766502e5a8cc..3997cb49a25b4c75c1df14e290073880fa1a15af 100644
--- a/lib/modules/datasource/aws-machine-image/readme.md
+++ b/lib/modules/datasource/aws-machine-image/readme.md
@@ -3,7 +3,29 @@
     This datasource is experimental.
     Its syntax and behavior may change at any time!
 
-This datasource returns the latest [Amazon Machine Image](https://docs.aws.amazon.com/en_en/AWSEC2/latest/UserGuide/AMIs.html) via the AWS API (valid credentials required).
+This datasource returns the latest [Amazon Machine Image](https://docs.aws.amazon.com/en_en/AWSEC2/latest/UserGuide/AMIs.html) via the AWS API.
+
+Because the datasource uses the AWS-SDK for JavaScript, you can configure it like other AWS Tools.
+You can use common AWS configuration options, for example (partial list):
+
+- Setting the region via `AWS_REGION` (environment variable) or your `~/.aws/config` file
+- Provide credentials via `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (environment variable) or your `~/.aws/credentials` file
+- Select the profile to use via `AWS_PROFILE` environment variable
+
+Read the [Developer guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/configuring-the-jssdk.html) for more information on configuration options.
+
+The least IAM privileges required for this datasource are:
+
+```json
+{
+  "Sid": "AllowEc2ImageLookup",
+  "Effect": "Allow",
+  "Action": ["ec2:DescribeImages"],
+  "Resource": "*"
+}
+```
+
+Read the [AWS IAM Reference](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html) for more information.
 
 Because there is no general `packageName`, you have to use the [describe images filter](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-ec2/interfaces/describeimagescommandinput.html#filters) as minified JSON as a `packageName`.