From 58bec210841d208a9c52679b033ade809c131c35 Mon Sep 17 00:00:00 2001
From: markussiebert <mail@markussiebert.com>
Date: Wed, 6 Apr 2022 08:08:54 +0200
Subject: [PATCH] docs: More details about configuration of aws machine image
 datasource (#14698)

---
 .../datasource/aws-machine-image/readme.md    | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/modules/datasource/aws-machine-image/readme.md b/lib/modules/datasource/aws-machine-image/readme.md
index 14f8317f66..3997cb49a2 100644
--- a/lib/modules/datasource/aws-machine-image/readme.md
+++ b/lib/modules/datasource/aws-machine-image/readme.md
@@ -3,7 +3,29 @@
     This datasource is experimental.
     Its syntax and behavior may change at any time!
 
-This datasource returns the latest [Amazon Machine Image](https://docs.aws.amazon.com/en_en/AWSEC2/latest/UserGuide/AMIs.html) via the AWS API (valid credentials required).
+This datasource returns the latest [Amazon Machine Image](https://docs.aws.amazon.com/en_en/AWSEC2/latest/UserGuide/AMIs.html) via the AWS API.
+
+Because the datasource uses the AWS-SDK for JavaScript, you can configure it like other AWS Tools.
+You can use common AWS configuration options, for example (partial list):
+
+- Setting the region via `AWS_REGION` (environment variable) or your `~/.aws/config` file
+- Provide credentials via `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (environment variable) or your `~/.aws/credentials` file
+- Select the profile to use via `AWS_PROFILE` environment variable
+
+Read the [Developer guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/configuring-the-jssdk.html) for more information on configuration options.
+
+The least IAM privileges required for this datasource are:
+
+```json
+{
+  "Sid": "AllowEc2ImageLookup",
+  "Effect": "Allow",
+  "Action": ["ec2:DescribeImages"],
+  "Resource": "*"
+}
+```
+
+Read the [AWS IAM Reference](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html) for more information.
 
 Because there is no general `packageName`, you have to use the [describe images filter](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-ec2/interfaces/describeimagescommandinput.html#filters) as minified JSON as a `packageName`.
 
-- 
GitLab