From b228f5eb0f9da25bcae2172beac6b65b4c8b5c87 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Tue, 28 Mar 2017 14:34:21 -0700 Subject: [PATCH] docs: aws-ec2: link sts configuration from cross account access --- website/source/docs/auth/aws-ec2.html.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/website/source/docs/auth/aws-ec2.html.md b/website/source/docs/auth/aws-ec2.html.md index 435a07501b..daf879b525 100644 --- a/website/source/docs/auth/aws-ec2.html.md +++ b/website/source/docs/auth/aws-ec2.html.md @@ -264,9 +264,10 @@ instance fails to renew the token on time. ### Cross Account Access -To allow Vault to authenticate EC2 instances running in other accounts, AWS STS (Security -Token Service) can be used to retrieve temporary credentials by assuming an IAM Role -in those accounts. +To allow Vault to authenticate EC2 instances running in other accounts, AWS STS +(Security Token Service) can be used to retrieve temporary credentials by +assuming an IAM Role in those accounts. All these accounts should be configured +at the backend using the `auth/aws-ec2/config/sts/` endpoint. The account in which Vault is running (i.e. the master account) must be listed as a trusted entity in the IAM Role being assumed on the remote account. The Role itself
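Review bot: The added sentence in the Cross Account Access hunk names the endpoint only as inline code, `auth/aws-ec2/config/sts/`, although the subject line says the STS configuration is being linked. Make it a real Markdown link to the section that documents that endpoint, so readers can reach the parameters from here. The path also ends in a bare slash, which leaves open what identifies each remote account; if the endpoint takes a per-account path segment, show it as a placeholder in the sentence. "All these accounts should be configured" is loose in two ways. "These" has to be read as the other accounts whose instances authenticate, not the account Vault runs in, and "should" is weaker than the "must" used in the next paragraph for the trust relationship. If cross-account login fails without this configuration, say "Each of those accounts must be configured at the backend using ...".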