diff --git a/docs/source/getting_started/deploy.rst b/docs/source/getting_started/deploy.rst
index 17e7059..2431013 100644
--- a/docs/source/getting_started/deploy.rst
+++ b/docs/source/getting_started/deploy.rst
@@ -44,6 +44,12 @@ Setup Lambda repository
         $ docker tag public.ecr.aws/p2d2x2s3/cypienta/vrl-lambda:v0.1 ${ECR_URI}/${REPO_NAME}:v0.1
         $ docker push ${ECR_URI}/${REPO_NAME}:v0.1
 
+7. Copy the ECR Image URI and make a note of it to use in CloudFormation template
+
+    .. code-block:: shell
+
+        $ echo ${ECR_URI}/${REPO_NAME}:v0.1
+
 
 Deploy resources using the Cloud Formation template
 ---------------------------------------------------
@@ -107,7 +113,7 @@ Deploy resources using the Cloud Formation template
 
     **NginxContainerImage:** The container image of the subscribed marketplace UI product with tag ``nginx-market*``. The ``Nginx container image`` noted in the section :doc:`subscribe`.
 
-    **VRLLambdaImage:** The container image of the VRL Lambda that was pushed to ECR private repository in :ref:`my-heading`
+    **VRLLambdaImage:** The container image of the VRL Lambda that was pushed to ECR private repository in :ref:`setup_lambda_repository`
 
     The constraints for choosing the ``Cpu`` and ``Memory`` for the cluster can be found `here <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu>`__
 
diff --git a/docs/source/getting_started/resources/vrl_image.png b/docs/source/getting_started/resources/vrl_image.png
new file mode 100644
index 0000000..46dba06
Binary files /dev/null and b/docs/source/getting_started/resources/vrl_image.png differ
diff --git a/docs/source/splunk/splunk.rst b/docs/source/splunk/splunk.rst
index bc9c55b..60ea681 100644
--- a/docs/source/splunk/splunk.rst
+++ b/docs/source/splunk/splunk.rst
@@ -1,6 +1,42 @@
 Configure Splunk
 ================
 
+Getting AWS Access key
+----------------------
+
+To get data from and to S3, the Apps for Splunk would require Access keys from AWS. Follow the steps below to get Access key. If you already have Access key and corresponding Secret key, you can skip to :ref:`getting_data_from_splunk` 
+
+1. Navigate to AWS console and search for ``IAM``.
+
+2. On the left hand side panel, under ``Access Management``, select ``Users``
+
+    .. image:: splunk_resources/iam_users_panel.png
+        :alt: select users from panel
+        :align: center
+
+3. Click on the user for whom you want to create Access key. Select the tab ``Security credentials`` and find ``Access keys`` section. Click on ``Create access key`` button on top right of the section.
+
+    .. image:: splunk_resources/access_key_tab.png
+        :alt: select users from panel
+        :align: center
+
+4. On the ``Access key best practices & alternatives`` page, select ``Other`` and click on ``Next``.
+
+    .. image:: splunk_resources/other_access_key.png
+        :alt: select other
+        :align: center
+
+5. Set an optional description tag for the access key and click on ``Create access key``.
+
+6. Make note of the ``Access key`` and ``Secret access key`` to use in later steps. You may also download .csv file by clicking on ``Download .csv file``.
+
+    .. image:: splunk_resources/copy_access_key.png
+        :alt: copy access key
+        :align: center
+
+
+.. _getting_data_from_splunk:
+
 Getting data from Splunk to S3
 ------------------------------
 
@@ -25,7 +61,7 @@ To get search results of Splunk to AWS S3. Follow the steps below:
 
 4. On the configuration page. Click on the ``Account`` tab, and click on ``Add`` to add an AWS account.
 
-    Then click on the ``IAM Role`` tab, and add an IAM role that has ``write`` permissions to S3.
+    Then click on the ``IAM Role`` tab, and add an IAM role that has ``write`` permissions to S3. You can use the ARN of IAM role created by the CloudFormation template for Lambda.
 
     In the ``Logging`` tab, the ``Log level`` is set to ``INFO`` by default, modify it as required.
 
diff --git a/docs/source/splunk/splunk_resources/access_key_tab.png b/docs/source/splunk/splunk_resources/access_key_tab.png
new file mode 100644
index 0000000..4d34e9f
Binary files /dev/null and b/docs/source/splunk/splunk_resources/access_key_tab.png differ
diff --git a/docs/source/splunk/splunk_resources/copy_access_key.png b/docs/source/splunk/splunk_resources/copy_access_key.png
new file mode 100644
index 0000000..0a1ca75
Binary files /dev/null and b/docs/source/splunk/splunk_resources/copy_access_key.png differ
diff --git a/docs/source/splunk/splunk_resources/iam_users_panel.png b/docs/source/splunk/splunk_resources/iam_users_panel.png
new file mode 100644
index 0000000..fc19fb4
Binary files /dev/null and b/docs/source/splunk/splunk_resources/iam_users_panel.png differ
diff --git a/docs/source/splunk/splunk_resources/other_access_key.png b/docs/source/splunk/splunk_resources/other_access_key.png
new file mode 100644
index 0000000..a8314d5
Binary files /dev/null and b/docs/source/splunk/splunk_resources/other_access_key.png differ