From d0acc30173597873eec66c28974df1792f0c75a9 Mon Sep 17 00:00:00 2001 From: Pritha Srivastava Date: Wed, 31 Oct 2018 11:22:40 +0530 Subject: [PATCH] rgw: Fixes to STS Lite documentation. Signed-off-by: Pritha Srivastava --- doc/radosgw/STSLite.rst | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/radosgw/STSLite.rst b/doc/radosgw/STSLite.rst index 3ce53a5b38ed5..e065d4ec96986 100644 --- a/doc/radosgw/STSLite.rst +++ b/doc/radosgw/STSLite.rst @@ -31,8 +31,7 @@ Parameters: **SerialNumber** (String/ Optional): The Id number of the MFA device associated with the user making the GetSessionToken call. - **TokenCode** (String/ Optional): The value provided by the MFA device, if the - trust policy of the role being assumed requires MFA. + **TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required. 2. AssumeRole: Returns a set of temporary credentials that can be used for @@ -160,6 +159,31 @@ Keystone. created = bucket['CreationDate'], ) +4. The following is an example of AssumeRole API call: + +.. code-block:: python + + import boto3 + + access_key = + secret_key = + + client = boto3.client('sts', + aws_access_key_id=access_key, + aws_secret_access_key=secret_key, + endpoint_url=, + region_name='', + ) + + response = client.assume_role( + RoleArn='arn:aws:iam:::role/application_abc/component_xyz/S3Access', + RoleSessionName='Bob', + DurationSeconds=3600 + ) + + +Note: A role 'S3Access', needs to be created before calling the AssumeRole API. + Limitations and Workarounds =========================== -- 2.39.5
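Review bot: In the first hunk (@@ -31,8 +31,7), the new TokenCode text "if MFA is required" no longer says what imposes the requirement. Dropping the reference to "the trust policy of the role being assumed" makes sense under GetSessionToken, where no role is assumed, but the sentence should name the condition that makes MFA mandatory for this call, so a reader knows when TokenCode and SerialNumber must be supplied together. The replacement is also a single long line where the removed text was wrapped across two; wrapping it the same way would keep it consistent with the surrounding parameter descriptions.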
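Review bot: In the second hunk (@@ -160,6 +159,31), the added AssumeRole example is not valid Python as shown: `access_key =`, `secret_key =` and `endpoint_url=,` have no value. If placeholders were intended, make them explicit and visibly marked as placeholders, and consider saying that the keys belong to the user calling AssumeRole rather than leaving them as bare literals in the script. The example also stops at `response = client.assume_role(` and never reads the temporary credentials out of `response`, which is the part a reader needs in order to use the call; a few lines that build an S3 client from the returned access key, secret key and session token would complete it. In the closing note, "A role 'S3Access', needs to be created" has a stray comma, and it would help to point to where role creation is documented, including that the role's trust policy has to allow the calling user to assume it.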