diff --git a/website/source/docs/secrets/aws/index.html.md b/website/source/docs/secrets/aws/index.html.md
index 1d238bb8ac..db09c4b769 100644
--- a/website/source/docs/secrets/aws/index.html.md
+++ b/website/source/docs/secrets/aws/index.html.md
@@ -305,7 +305,7 @@ Finally, let's create a "deploy" policy using the arn of our role to assume:
 
 ```text
 $ vault write aws/roles/deploy \
-    policy=arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/RoleNameToAssume
+    arn=arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/RoleNameToAssume
 ```
 
 To generate a new set of STS assumed role credentials, we again read from