From 3102335c83dfeb01b5597f9cd79d24af74edfb48 Mon Sep 17 00:00:00 2001
From: Josselin Costanzi <costanzj@amazon.com>
Date: Mon, 26 Oct 2020 18:43:34 -0700
Subject: [PATCH] README: add documentation for running containers as non-root

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 47e8c743e..a9cbc735b 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,10 @@ Or for Kubernetes 1.14+
 [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
 [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
 
+### Usage with non-root container user
+
+When running a container with a non-root user, you need to give the container access to the token file by setting the `fsGroup` field in the `securityContext` object.
+
 ## Usage
 
 ```