📝 Clarify OKTA_AWS_ROLE_TO_ASSUME

- Specify that OKTA_AWS_ROLE_TO_ASSUME needs a full IAM Role ARN Resolves oktadev#254
tdupreeibp · Dec 18, 2018 · 5efc973 · 5efc973
1 parent 6de7692
commit 5efc973
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Readme.MD b/Readme.MD
@@ -157,7 +157,7 @@ Here is the list of parameters that can be environment variables or settings in
  - ```OKTA_COOKIES_PATH``` is directory path to store cookies.properties for Okta. This is particularly useful when running this tool in many concurrent processes like you might with **OKTA_ENV_MODE** (default: ~/.okta)
  - ```OKTA_PROFILE``` is the name of the AWS profile to create/reuse. May also be specified on the commandline by ```--profile```. (default: get AWS profile name based on per-session STS user name) 
  - ```OKTA_AWS_REGION``` is the default AWS region to store with the created profile.
- - ```OKTA_AWS_ROLE_TO_ASSUME``` is the role to use. If present will try to match okta account's retrieved role list and use it. Will still prompt if no match found.
+ - ```OKTA_AWS_ROLE_TO_ASSUME``` is the IAM Role ARN to use. If present will try to match okta account's retrieved role list and use it. Will still prompt if no match found. (ex: **arn:aws:iam::123456789012:role/EC2-Admins**)
  - ```OKTA_STS_DURATION``` is the duration the role will be assumed, in seconds. The maximum session duration allowed by AWS is 12 hours and this needs to be set on the role as well. Defaults to 1hr.
  
  - **Obtaining the AWS app url**