From 1364304e79baf396dd877c6448a13b96336aeff2 Mon Sep 17 00:00:00 2001
From: Eric Fried <efried@redhat.com>
Date: Tue, 28 Apr 2020 13:47:12 -0500
Subject: [PATCH] No IAM permissions required to mount access points

Document the additional IAM permissions needed (none, by default) to
mount access points.
---
 examples/kubernetes/access_points/README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/examples/kubernetes/access_points/README.md b/examples/kubernetes/access_points/README.md
index 91d3def7d..7a09e1453 100644
--- a/examples/kubernetes/access_points/README.md
+++ b/examples/kubernetes/access_points/README.md
@@ -6,7 +6,10 @@ In this case, the separation is managed on the EFS side rather than the kubernet
 
 ### Create Access Points (in EFS)
 Following [this doc](https://docs.aws.amazon.com/efs/latest/ug/create-access-point.html), create a separate access point for each independent data store you wish to expose in your cluster, tailoring the ownership and permissions as desired.
-Note that there's no need to use different EFS volumes.
+There is no need to use different EFS volumes.
+
+**Note**: Although it is possible to [configure IAM policies for access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html#access-points-iam-policy), by default no additional IAM permissions are necessary.
+
 This example assumes you are using two access points.
 
 ### Edit [Persistent Volume Spec](./specs/example.yaml)