diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
index 22f0b806ac..b9571e1af0 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
@@ -7,6 +7,8 @@ echo "Deploy AWS credentials."
 
 echo "Write the bucket."
 # Always create the header and write the bucket, it's slightly ugly but it will work
+# The bucket is always set, becuase the instance can potentially authenticate to AWS
+# with its instance profile, without any explicit credentials.
 sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
 [aws]
 bucket = "${WORKER_CONFIG_AWS_BUCKET:-}"