diff --git a/website/content/docs/concepts/host-discovery/aws.mdx b/website/content/docs/concepts/host-discovery/aws.mdx
index ca819f8530..84309bc1e2 100644
--- a/website/content/docs/concepts/host-discovery/aws.mdx
+++ b/website/content/docs/concepts/host-discovery/aws.mdx
@@ -46,7 +46,7 @@ Example policy:
 }
 ```
 
-To enable allow for static credential rotation, add the `iam:GetUser`, `iam:CreateAccessKey`, and `iam:DeleteAccessKey` policies:
+To allow static credential rotation, add the `iam:GetUser`, `iam:CreateAccessKey`, and `iam:DeleteAccessKey` policies:
 
 ```json
 {
@@ -70,10 +70,12 @@ To enable allow for static credential rotation, add the `iam:GetUser`, `iam:Crea
 
 <Note>
 
-  This feature requires a self-managed Boundary [worker](/boundary/docs/install-boundary/configure-workers).
+  [Cross-account access](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) for AWS IAM roles is not currently supported.
 
 </Note>
 
+This feature requires a self-managed Boundary [worker](/boundary/docs/install-boundary/configure-workers).
+
 To set up a dynamic host catalog using an AWS role, a self-managed worker must assume the role. You must assign the role to the self-managed worker AWS instance, and then supply a worker filter that matches the AWS worker when you set up the dynamic host catalog.
 
 Perform the following steps to set up a host catalog using [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html):