diff --git a/create_saml_aws.sh b/create_saml_aws.sh
index e0c8b7b..8564a7e 100755
--- a/create_saml_aws.sh
+++ b/create_saml_aws.sh
@@ -10,7 +10,7 @@ if [ $? -ne -1 ]
     exit 1
 fi
 
-# create iam roles that saml users can assume:
+# create iam roles that saml users can assume, currently administrator or readonly roles:
 aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
 aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
 aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
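Review bot: The reworded comment on the added line names the two roles but leaves out what an access review needs: `administrator` and `readonly` are both created with the same trust policy, `file://shibpolicy.json`, and `administrator` then receives `AdministratorAccess`. That file is not part of this diff, so if it trusts the SAML provider without a condition on the assertion, any federated user could presumably assume the admin role; I would give the admin role its own narrower trust policy, or at least state it in the comment, e.g. `# both roles use shibpolicy.json as trust policy; who may assume administrator is decided by that file and the IdP role attribute`. The `create-role` calls are also unchecked, so if `administrator` already exists with a different trust policy the `attach-role-policy` line still attaches full admin to it; `aws iam create-role ... || exit 1` would stop there. Separately, the guard shown in the hunk header, `[ $? -ne -1 ]`, compares against a status the shell never produces (exit codes are 0–255), so it looks always true; that `if` starts outside the hunk and should be confirmed against the full file.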