diff --git a/changelog/unreleased/issue-4472 b/changelog/unreleased/issue-4472 index 97553f946..3049fdf30 100644 --- a/changelog/unreleased/issue-4472 +++ b/changelog/unreleased/issue-4472 @@ -1,14 +1,18 @@ Enhancement: Allow AWS Assume Role to be used for S3 backend -Previously only credentials discovered via the Minio Click discovery methods -would be used to authenticate. However there are many circumstances where the -discovered credentials have lower permissions and need to assume a specific role. +Previously only credentials discovered via the Minio discovery methods +were used to authenticate. -New Environment Variables: +However, there are many circumstances where the discovered credentials have +lower permissions and need to assume a specific role. This is now possible +using the following new environment variables. - RESTIC_AWS_ASSUME_ROLE_ARN - RESTIC_AWS_ASSUME_ROLE_SESSION_NAME - RESTIC_AWS_ASSUME_ROLE_EXTERNAL_ID -- RESTIC_AWS_ASSUME_ROLE_REGION (if need to override from us-east-1) +- RESTIC_AWS_ASSUME_ROLE_REGION (defaults to us-east-1) - RESTIC_AWS_ASSUME_ROLE_POLICY -- RESTIC_AWS_ASSUME_ROLE_STS_ENDPOINT \ No newline at end of file +- RESTIC_AWS_ASSUME_ROLE_STS_ENDPOINT + +https://github.com/restic/restic/issues/4472 +https://github.com/restic/restic/pull/4474 diff --git a/doc/040_backup.rst b/doc/040_backup.rst index 3de8ef554..d36986441 100644 --- a/doc/040_backup.rst +++ b/doc/040_backup.rst 
@@ -631,7 +631,9 @@ environment variables. The following lists these environment variables: RESTIC_AWS_ASSUME_ROLE_ARN Amazon IAM Role ARN to assume using discovered credentials RESTIC_AWS_ASSUME_ROLE_SESSION_NAME Session Name to use with the role assumption RESTIC_AWS_ASSUME_ROLE_EXTERNAL_ID External ID to use with the role assumption - RESTIC_AWS_ASSUME_ROLE_REGION Region to use for IAM calls for the role assumption + RESTIC_AWS_ASSUME_ROLE_POLICY Inline Amazion IAM session policy + RESTIC_AWS_ASSUME_ROLE_REGION Region to use for IAM calls for the role assumption (default: us-east-1) + RESTIC_AWS_ASSUME_ROLE_STS_ENDPOINT URL to the STS endpoint (default is determined based on RESTIC_AWS_ASSUME_ROLE_REGION). You generally do not need to set this, advanced use only. AZURE_ACCOUNT_NAME Account name for Azure AZURE_ACCOUNT_KEY Account key for Azure
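Review bot: The variable list in changelog/unreleased/issue-4472 does not say which of the six variables must be set for role assumption to take place and which are optional; only RESTIC_AWS_ASSUME_ROLE_REGION carries any explanation. Consider adding one sentence naming the variable that enables the feature, and a few words on RESTIC_AWS_ASSUME_ROLE_EXTERNAL_ID and RESTIC_AWS_ASSUME_ROLE_POLICY, since a reader scanning the changelog cannot tell that the session policy can be used to restrict what the assumed session may do.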
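Review bot: Typo in the added RESTIC_AWS_ASSUME_ROLE_POLICY line of doc/040_backup.rst: "Amazion" should be "Amazon". In the RESTIC_AWS_ASSUME_ROLE_REGION line, "IAM calls" would be more accurate as "STS calls", since role assumption is an STS request and the line added right below it already names the STS endpoint. The RESTIC_AWS_ASSUME_ROLE_STS_ENDPOINT description is much longer than the other cells in this table; consider shortening it to the URL and default, and moving "advanced use only" into a sentence after the table. It would also help to state what format RESTIC_AWS_ASSUME_ROLE_POLICY expects, as "Inline ... IAM session policy" leaves that open.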