Improve AWS Assume Role documentation

docs/index.md

@@ -1,25 +1,27 @@
-## AWS Provider
+# AWS Provider
 
-The CloudQuery AWS provider pulls configuration out of AWS resources, normalizes them and stores them in PostgreSQL database.
+The CloudQuery AWS provider extracts and transforms your AWS cloud assets configuration into PostgreSQL.
 
-### Install
+This provider also supports additional capabilities:
+- [Terraform Drift Detection](https://docs.cloudquery.io/docs/cli/drift/overview)
+
+## Install
 
 ```shell
 cloudquery init aws
 ```
 
-### Authentication
+## Authentication
 
-To authenticate cloudquery with your AWS account you can use any of the following options (see full documentation at [AWS SDK V2](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials)):
+To authenticate CloudQuery with your AWS account you can use any of the following options (see full documentation at [AWS SDK V2](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials)):
 
-- Static Credentials: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`
+- Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`, `AWS_PROFILE`
 - Shared configuration files (via `aws configure`).
   - SDK defaults to `credentials` file under `.aws` folder that is placed in the home folder on your computer.
   - SDK defaults to `config` file under `.aws` folder that is placed in the home folder on your computer.
-- If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
 - If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2.
 
-### Configuration
+## Configuration
 
 The following configuration section can be automaticlly generated by `cloudquery init aws`:
 
@@ -40,28 +42,58 @@ provider "aws" {
     // The maximum back off delay between attempts. The backoff delays exponentially with a jitter based on the number of attempts. Defaults to 60 seconds.
     // max_backoff = 30
   }
+
+  resources = ["*"]
+}
 ```
 
 By default cloudquery will fetch all configuration from **all** resources in **all** regions in the **default** account. You can change this behaviour with the following arguments:
 
+### Arguments
+
 - `accounts` **(Optional)** - Specify multiple accounts to fetch data from them concurrently and then query across accounts. The default configured account should be able [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) to the specified accounts.
 - `regions` **(Optional)** - limit fetching to specific regions.
+- `max_retries` **(Optional)** - The maximum number of times that a request will be retried for failures. Defaults to 5 retry attempts.
+- `max_backoff` **(Optional)** - The maximum back off delay between attempts. The backoff delays exponentially with a jitter based on the number of attempts. Defaults to 60 seconds.
+- `aws_debug` **(Optiona)** - This will print very verbose/debug output from AWS SDK. Defaults to false.
+
+### Assume Role
+
+CloudQuery can fetch from multiple accounts in parallel by using AssumeRole (You will need to use credentials that can AssumeRole to all other specified account. Following is an example configuration:
+
+```hcl
+provider "aws" {
+  configuration {
+    // Optional. if you want to assume role to multiple account and fetch data from them
+    accounts "<AccountID_1>" {
+      Optional. Role ARN we want to assume when accessing this account
+      role_arn = <YOUR_ROLE_ARN_1>
+    }
+    accounts "<AccountID_2>" {
+      Optional. Role ARN we want to assume when accessing this account
+      role_arn = <YOUR_ROLE_ARN_2>
+    }
+  }
+
+  resources = ["*"]
+}
+```
 
-### Query Examples
+## Query Examples
 
-#### Find all public facing load balancers
+### Find all public facing load balancers
 
 ```sql
 SELECT * FROM aws_elbv2_load_balancers WHERE scheme = 'internet-facing';
 ```
 
-#### Find all unencrypted RDS instances
+### Find all unencrypted RDS instances
 
 ```sql
 SELECT * from aws_rds_clusters where storage_encrypted = 0;
 ```
 
-#### Find all unencrypted buckets
+### Find all unencrypted buckets
 
 ```sql
 SELECT * from aws_rds_clusters where storage_encrypted = 0;