From e13f1754ddc2e3f49e4e8204d183661dcdbeaf50 Mon Sep 17 00:00:00 2001
From: Lukas Zapletal <lzap+git@redhat.com>
Date: Tue, 14 Jan 2025 18:16:03 +0100
Subject: [PATCH] docs: add missing S3 permissions

---
 README.md | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0d531a21..7f573fb1 100644
--- a/README.md
+++ b/README.md
@@ -205,7 +205,26 @@ Note that when no value is given the progress is auto-detected baed on the envir
 
 #### Prerequisites
 
-In order to successfully import an AMI into your AWS account, you need to have the [vmimport service role](https://docs.aws.amazon.com/vm-import/latest/userguide/required-permissions.html) configured on your account.
+In order to successfully import an AMI into your AWS account, you need to have the [vmimport service role](https://docs.aws.amazon.com/vm-import/latest/userguide/required-permissions.html) configured on your account with the following additional permissions:
+
+```
+{
+    "Effect": "Allow",
+    "Action": [
+        "s3:ListAllMyBuckets",
+        "s3:GetBucketAcl",
+        "s3:DeleteObject"
+    ],
+    "Resource": [
+        "arn:aws:s3:::amzn-s3-demo-import-bucket",
+        "arn:aws:s3:::amzn-s3-demo-import-bucket/*",
+        "arn:aws:s3:::amzn-s3-demo-export-bucket",
+        "arn:aws:s3:::amzn-s3-demo-export-bucket/*"
+    ]
+},
+```
+
+Replace `amzn-s3-demo-import-bucket` in the ARN with the bucket name.
 
 #### Flags