diff --git a/config.cfg b/config.cfg
index f972251..c838a64 100644
--- a/config.cfg
+++ b/config.cfg
@@ -103,6 +103,12 @@ cloud_providers:
   digitalocean:
     size: s-1vcpu-1gb
     image: "ubuntu-18-04-x64"
+  # Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
+  # Warning: the Algo script will take approximately 6 minutes longer to complete.
+  # Also note that the documented AWS minimum permissions aren't sufficient. 
+  # You will have to edit the AWS user policy documented at 
+  # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage". 
+  # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
   ec2:
     encrypted: false
     size: t2.micro