diff --git a/README.md b/README.md index f3ec1c6..5250a45 100644 --- a/README.md +++ b/README.md @@ -84,41 +84,36 @@ module "circleci" { ## Examples ```hcl -data "aws_iam_policy_document" "fluentd_user_policy" { - statement { - actions = [ - "logs:DescribeDestinations", - "logs:DescribeExportTasks", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:DescribeMetricFilters", - "logs:DescribeSubscriptionFilters", - "logs:FilterLogEvents", - "logs:GetLogEvents", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:CreateLogStream", - "logs:DeleteLogStream", - ] - - resources = ["*"] - } -} - module "fluentd_user" { source = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=master" namespace = "eg" stage = "dev" name = "fluentd" + + policy_arns_map = { + logs = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess" + } + + inline_policies_map = { + s3 = aws_iam_policy_document.s3_policy.json + } } +data "aws_iam_policy_document" "s3_policy" { + statement { + actions = [ + "s3:PutObject", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObjectAcl" + ] -resource "aws_iam_user_policy" "default" { - name = "${module.fluentd_user.user_name}" - user = "${module.fluentd_user.user_name}" - policy = "${data.aws_iam_policy_document.fluentd_user_policy.json}" + resources = [ + "arn:aws:s3:::bucket_name/*", + "arn:aws:s3:::bucket_name/" + ] + } } ``` diff --git a/README.yaml b/README.yaml index 0bd6352..723060c 100644 --- a/README.yaml +++ b/README.yaml 
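Review bot: The new `inline_policies_map` entry `s3 = aws_iam_policy_document.s3_policy.json` is missing the `data.` prefix, so this example will not plan as written; it should read `s3 = data.aws_iam_policy_document.s3_policy.json`. The second S3 resource, `"arn:aws:s3:::bucket_name/"`, carries a trailing slash and is therefore not the bucket ARN that `s3:ListBucket` is evaluated against, so listing is denied; it should be `"arn:aws:s3:::bucket_name"`. Swapping the previous scoped `logs:*` statement for `CloudWatchLogsFullAccess` also widens the example user from a handful of actions to every CloudWatch Logs action (including deletes and subscription-filter changes), which is a poor default to show readers of a least-privilege IAM module. The README.yaml hunk below carries the identical example, so the same fixes apply there (and, if README.md is generated from README.yaml, that is where they must land).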
@@ -78,41 +78,36 @@ usage: |- examples: |- ```hcl - data "aws_iam_policy_document" "fluentd_user_policy" { - statement { - actions = [ - "logs:DescribeDestinations", - "logs:DescribeExportTasks", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:DescribeMetricFilters", - "logs:DescribeSubscriptionFilters", - "logs:FilterLogEvents", - "logs:GetLogEvents", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:CreateLogStream", - "logs:DeleteLogStream", - ] - - resources = ["*"] - } - } - module "fluentd_user" { source = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=master" namespace = "eg" stage = "dev" name = "fluentd" + + policy_arns_map = { + logs = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess" + } + + inline_policies_map = { + s3 = aws_iam_policy_document.s3_policy.json + } } + data "aws_iam_policy_document" "s3_policy" { + statement { + actions = [ + "s3:PutObject", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObjectAcl" + ] - resource "aws_iam_user_policy" "default" { - name = "${module.fluentd_user.user_name}" - user = "${module.fluentd_user.user_name}" - policy = "${data.aws_iam_policy_document.fluentd_user_policy.json}" + resources = [ + "arn:aws:s3:::bucket_name/*", + "arn:aws:s3:::bucket_name/" + ] + } } ```
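Review bot: Three problems in the new example: `s3 = aws_iam_policy_document.s3_policy.json` lacks the `data.` prefix and will fail to plan, the resource `"arn:aws:s3:::bucket_name/"` has a trailing slash and is not the bucket ARN `s3:ListBucket` needs, and `policy_arns_map = { logs = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess" }` replaces the previously enumerated `logs:*` actions with full CloudWatch Logs access, which this README should not present as the default for a system user. I would keep the logs grant as a second inline policy built from the action list the hunk removes (deduplicated; `logs:DescribeLogStreams` and `logs:CreateLogStream` were listed twice) and drop the managed policy, and fix the bucket ARN; README.md in the hunk above mirrors this example, so the same edits apply there. `resources = ["*"]` on the logs statement is carried over from the original and could be narrowed to the fluentd log-group ARNs once they are known — I have left it as it was.
```hcl
module "fluentd_user" {
  # … unchanged: source, namespace, stage, name …

  inline_policies_map = {
    logs = data.aws_iam_policy_document.logs_policy.json
    s3   = data.aws_iam_policy_document.s3_policy.json
  }
}

# Scoped replacement for CloudWatchLogsFullAccess: the actions the example
# previously granted, with the duplicated entries removed.
data "aws_iam_policy_document" "logs_policy" {
  statement {
    actions = [
      "logs:DescribeDestinations",
      "logs:DescribeExportTasks",
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
      "logs:DescribeMetricFilters",
      "logs:DescribeSubscriptionFilters",
      "logs:FilterLogEvents",
      "logs:GetLogEvents",
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DeleteLogStream",
    ]

    resources = ["*"]
  }
}

data "aws_iam_policy_document" "s3_policy" {
  statement {
    # … unchanged: actions …

    resources = [
      "arn:aws:s3:::bucket_name/*",
      "arn:aws:s3:::bucket_name",
    ]
  }
}
```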