From 30d3a220616bfe597ad2434de0e86739cc6d1ccd Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Sat, 16 Dec 2023 15:41:58 +0000
Subject: [PATCH] GITBOOK-490: change request with no subject merged in GitBook

---
 .../aws-post-exploitation/aws-sts-post-exploitation.md          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
index a5bee2e888..4866b0b0cf 100644
--- a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
+++ b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-sts-post-exploitation.md
@@ -32,6 +32,8 @@ The following script will use the default profile and a default AWS location (no
 {% code overflow="wrap" %}
 ```bash
 # Get federated creds (you must indicate a policy or they won't have any perms)
+## Even if you don't have Admin access you can indicate that policy to make sure you get all your privileges
+## Don't forget to use [--profile <prof_name>] in the first line if you need to
 output=$(aws sts get-federation-token --name consoler --policy-arns arn=arn:aws:iam::aws:policy/AdministratorAccess)
 
 if [ $? -ne 0 ]; then