Clarify role setup instructions for S3 ClickPipes

Author: kschlarman

docs/integrations/data-ingestion/clickpipes/object-storage.md

@@ -148,7 +148,8 @@ These tables will not be visible using ClickHouse Cloud SQL Console, you will ne
 ## Authentication {#authentication}
 
 ### S3 {#s3}
-You can access public buckets with no configuration, and with protected buckets you can use [IAM credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) or an [IAM Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). You can [refer to this guide](/cloud/security/secure-s3) to understand the required permission for accessing your data.
+You can access public buckets with no configuration, and with protected buckets you can use [IAM credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) or an [IAM Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).
+To use an IAM Role, you will need to create the IAM Role as specified [in this guide](/cloud/security/secure-s3). Copy the new IAM Role Arn after creation and paste it into the ClickPipe configuration as the "IAM ARN role".
 
 ### GCS {#gcs}
 Like S3, you can access public buckets with no configuration, and with protected buckets you can use [HMAC Keys](https://cloud.google.com/storage/docs/authentication/managing-hmackeys) in place of the AWS IAM credentials. You can read this guide from Google Cloud on [how to setup such keys](https://cloud.google.com/storage/docs/authentication/hmackeys).