diff --git a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
index a5bee2e888..4866b0b0cf 100644
--- a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
+++ b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
@@ -32,6 +32,8 @@ The following script will use the default profile and a default AWS location (no
 {% code overflow="wrap" %}
 ```bash
 # Get federated creds (you must indicate a policy or they won't have any perms)
+## Even if you don't have Admin access you can indicate that policy to make sure you get all your privileges
+## Don't forget to use [--profile <prof_name>] in the first line if you need to
 output=$(aws sts get-federation-token --name consoler --policy-arns arn=arn:aws:iam::aws:policy/AdministratorAccess)
 
 if [ $? -ne 0 ]; then