From f7a72af2e49841c85572e92d4814b67d28907d45 Mon Sep 17 00:00:00 2001
From: Yaliang Wu <ylwu@amazon.com>
Date: Thu, 25 Jan 2024 08:40:31 -0800
Subject: [PATCH] add missing part

Signed-off-by: Yaliang Wu <ylwu@amazon.com>
---
 ...ntic_search_with_cohere_embedding_model.md | 34 +++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/docs/tutorials/aws/semantic_search_with_cohere_embedding_model.md b/docs/tutorials/aws/semantic_search_with_cohere_embedding_model.md
index 8837e05a1a..22fd600ee4 100644
--- a/docs/tutorials/aws/semantic_search_with_cohere_embedding_model.md
+++ b/docs/tutorials/aws/semantic_search_with_cohere_embedding_model.md
@@ -73,7 +73,23 @@ Copy the role ARN which will be used in later steps.
 Generate a new IAM role specifically for signing your create connector request.
 
 
-Create IAM role `my_create_connector_role` with permission
+Create IAM role `my_create_connector_role` with 
+- Custom trust policy, `your_iam_user_arn` is the IAM user which will run `aws sts assume-role` in step 4.1
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "your_iam_user_arn"
+            },
+            "Action": "sts:AssumeRole"
+        }
+    ]
+}
+```
+- permission
 ```
 {
     "Version": "2012-10-17",
@@ -108,11 +124,23 @@ Click "Map", then the IAM role configured successfully in your OpenSearch cluste
 Find more details on [connector](https://opensearch.org/docs/latest/ml-commons-plugin/remote-models/connectors/)
 
 
-Get temporary credential of the role created in step 3.1:
+### 4.1 Get temporary credential of the role created in step 3.1:
 ```
 aws sts assume-role —role-arn your_iam_role_arn_created_in_step3.1 --role-session-name your_session_name
 ```
-Run this python code with the temporary credential
+
+the temporary credential configured in `~/.aws/credentials` like this
+
+```
+[default]
+AWS_ACCESS_KEY_ID=your_access_key_of_role_created_in_step3.1
+AWS_SECRET_ACCESS_KEY=your_secret_key_of_role_created_in_step3.1
+AWS_SESSION_TOKEN=your_session_token_of_role_created_in_step3.1
+```
+
+### 4.2 Create connector
+
+Run this python code with the temporary credential configured in `~/.aws/credentials`
  
 ```
 import boto3