From c66ff463861fdccfd953da71ff3bb9b113de5096 Mon Sep 17 00:00:00 2001 From: Felix Breidenstein Date: Mon, 24 Feb 2020 21:09:02 +0100 Subject: [PATCH] Adde pricing and IAM example to README --- README.md | 48 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fd234a7..b296a1a 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,46 @@ This tool helps you to share a virtual TOTP MFA-device with a team by saving the intial seed at AWS SecretsManager. +## Pricing +SecretsManager is charged both per secret and per 10.000 API calls. Every secret costs 0.40\$/Month which will be the +main operational costs of this tool. 10k API calls will cost you 0.05$, which you probably never reach in a month even +with a larger people using this tool multiple times a day. + +Because every value in AWS SecretsManager is a JSON object we could save all +seeds in a single key/value pair and cap the monthly costs 0.40\$/month by +this, but would loose the feature of fine-grained access control with an IAM +rule. + +## IAM permissions +With this policy one could use all features of this tool. If you want people to just have read access, just remove the +`Delete` and `Create` actions. +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret" + ], + "Resource": "arn:aws:secretsmanager:eu-central-1::secret:2fa-*" + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:ListSecrets" + ], + "Resource": "*" + } + ] +} +``` + +## Usage ``` Available Commands: add Create a new entry @@ -11,7 +51,7 @@ Available Commands: list A brief description of your command ``` -## add +### add ``` Create a new entry @@ -19,7 +59,7 @@ Usage: shared-2fa add ``` -## delete +### delete ``` Delete an entry 
@@ -27,7 +67,7 @@ Usage: shared-2fa delete ``` -## generate +### generate ``` Generate a token for the given entry @@ -35,7 +75,7 @@ Usage: shared-2fa generate ``` -## list +### list ``` List all available entries
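Review bot: in the first hunk (README.md @@ -2,6 +2,46 @@) the second IAM statement grants `secretsmanager:CreateSecret` on `"Resource": "*"`, so anyone holding this policy can create secrets outside the `2fa-*` namespace; only `ListSecrets` needs `*`, so move `CreateSecret` into the first statement next to `GetSecretValue`/`DeleteSecret` or give it the same `arn:aws:secretsmanager:eu-central-1::secret:2fa-*` resource. That ARN also leaves the account-id field empty; spell out the account (or `*`) so the intended scope is unambiguous. The prose has a few slips worth fixing in the same commit: `10.000` vs. `10k` (use `10,000`), `0.05$` vs. `0.40\$` (pick one notation), "with a larger people" → "with a larger team", "would loose" → "would lose", and "an IAM rule" → "an IAM policy"; the pre-existing `intial` in the context line could be corrected while you are there.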
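Review bot: in the second hunk (@@ -11,7 +51,7 @@) the context line `list A brief description of your command` shows the CLI help for `list` still carries a generated placeholder description; since the README reproduces the help output verbatim, give the command a real one-line description (the last hunk already uses "List all available entries") and regenerate this block so the two agree.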