diff --git a/create_saml_aws.sh b/create_saml_aws.sh
index 79c1f24..e0c8b7b 100755
--- a/create_saml_aws.sh
+++ b/create_saml_aws.sh
@@ -2,7 +2,7 @@
 [ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; }
-
+# call to create the saml provider in the AWS accounts
 aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1
 if [ $? -ne -1 ]
 then
@@ -10,6 +10,7 @@ if [ $? -ne -1 ]
 exit 1
 fi
+# create iam roles that saml users can assume:
 aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
 aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
 aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
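Review bot: The new comment above `aws iam create-saml-provider` documents the call but leaves the error check right under it broken: `if [ $? -ne -1 ]` can never be false, because a shell exit status is 0–255, so the branch (whose body continues into the second hunk and ends in `exit 1`) fires even when the provider was created successfully, and a real failure — a rejected metadata document, wrong credentials — is indistinguishable from success. The test should be `if [ $? -ne 0 ]`, and since `$1` becomes the IAM provider name it should be quoted: `aws iam create-saml-provider --saml-metadata-document file://idp.xml --name "$1"`. The hunk header counts 7 lines on each side but only 5 are visible here, so some lines of this hunk may have been lost in rendering; the `if`/`then` block itself ends outside the hunk.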