diff --git a/content/doc/addons/cellar.md b/content/doc/addons/cellar.md
index e446ed8a..1a8eea47 100644
--- a/content/doc/addons/cellar.md
+++ b/content/doc/addons/cellar.md
@@ -520,7 +520,7 @@ This policy example grants read-only access to a bucket for another user, using
           "arn:aws:s3:::<bucket-name>",
           "arn:aws:s3:::<bucket-name>/*"
         ],
-        "Principal": {"AWS": "arn:aws:iam::cellar_xxx"}
+        "Principal": {"AWS": "arn:aws:iam:::user/<cellar_xxx>"}
 
       }
     ]
@@ -528,7 +528,7 @@ This policy example grants read-only access to a bucket for another user, using
 
 ```
 
-Replace the `<bucket-name>` with your bucket name in the policy file.
+Replace the `<bucket-name>` with your bucket name and `<cellar_xxx>` with the ID of the cellar to which you want to grant read-only access..
 
 Set the policy to your bucket using s3cmd: