Update readme with description of specific resources required

README.md

@@ -23,27 +23,40 @@ Serverless Desktop is currently in beta and we are seeking customer feedback. To
 <br />
 
 ## How does it work?
+
 Serverless Desktop will list your AWS Cloudformation stacks that are deployed via the [Serverless Framework](https://github.com/serverless/serverless), and create convenient views to work with the underlying AWS resources. Cloudformation stacks created outside of the Serverless Framework are currently not supported by Desktop.
 
 Desktop will prompt you to connect your AWS Account. This will create an IAM Role in your account, that will give Desktop periodic, temporary access credentials to perform a `list` operation on your Cloudformation Stacks, and associated AWS resources. These same credentials will be used to invoke your functions, access your DynamoDB tables, S3 buckets, and work with other resources associated with your Serverless project.
 
-Please note that while in beta, Serverless Desktop requires an AWS IAM Role with Admin permissions for your AWS account, which it assumes to periodically perform server-side operations. Desktop does not use long-lasting credentials. Instead, Desktop assumes the IAM Role you provide it, creates temporary credentials via AWS STS, and uses those for each opeartion. You control the IAM Role and can remove Desktop's access at any time. Within the upcoming weeks, Desktop will request specific permissions, rather than Admin access. Until then, please be aware of this behavior.
+Please note that while in beta, Serverless Desktop requires an AWS IAM Role with permissions for your AWS account, which it assumes to periodically perform server-side operations.
+Specifically:
+
+- S3
+- Dynamo
+- Lambda
+- API Gateway
+- CloudFormation
+- CloudWatch
+- IAM (only ListRolePolicies and GetRolePolicy)
+
+Desktop does not use long-lasting credentials. Instead, Desktop assumes the IAM Role you provide it, creates temporary credentials via AWS STS, and uses those for each operation. You control the IAM Role and can remove Desktop's access at any time. Within the upcoming weeks, Desktop will request specific permissions, rather than full read/write access. Until then, please be aware of this behavior.
 
 Log streaming is enabled for NodeJS Lambda functions via the [AWS Lambda Extensions API](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-extensions-api.html). When you navigate to a function event trigger (HTTP, direct invocation, etc.) Desktop will add a [Lambda Layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to your function to capture log output. Additionally, the following environment variables are added to your Lambda:
+
 - `AWS_LAMBDA_EXEC_WRAPPER` - The path to the Extension entrypoint
 - `SERVERLESS_PLATFORM_CONFIG` - Configuration for your Serverless user and org
 - `SERVERLESS_PLATFORM_DEV_MODE` - Toggles on/off log streaming
 
-
 <br />
 
-
 ## Supported platforms
+
 - MacOS
 
 <br />
 
 ## Supported resources
+
 - AWS Lambda
 - AWS API Gateway
 - AWS DynamoDB
@@ -53,11 +66,13 @@ Log streaming is enabled for NodeJS Lambda functions via the [AWS Lambda Extensi
 <br />
 
 ## Limitations
+
 - AWS only
 - The AWS Role provisioned for Desktop is currently set to Administrative permissions. This will be scoped down in the future.
 - Log streaming is only supported for NodeJS runtimes
 
 <br />
 
 ## Feedback
+
 Feel free to create an [issue](https://github.com/serverless/desktop/issues/new) to report bugs, or request features.