diff --git a/modules/ROOT/pages/provisioning-aws.adoc b/modules/ROOT/pages/provisioning-aws.adoc
index 60f146b4..57b43502 100644
--- a/modules/ROOT/pages/provisioning-aws.adoc
+++ b/modules/ROOT/pages/provisioning-aws.adoc
@@ -77,7 +77,7 @@ aws s3 mb s3://$NAME-infra
 ----
 NAME='instance1'
 CONFIG='/path/to/config.ign' # path to your Ignition config
-aws s3 cp CONFIG s3://$NAME-infra/bootstrap.ign
+aws s3 cp $CONFIG s3://$NAME-infra/bootstrap.ign
 ----
 
 You can verify the file have been correctly uploaded:
@@ -102,7 +102,42 @@ ignition:
       source: s3://instance1-infra/bootstrap.ign
 ----
 
-Then you can launch the instance using the same command as xref:#_customized_example[], passing the minimal configuration you just created.
+Then you can launch the instance using the following command, passing the minimal configuration you just created.
+
+Note: You need to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role[create an IAM profile] with `s3:GetObject` permission, then will attach it to the instance. 
+
+TIP: To access S3 bucket, should enable the public IP addressing with argument `--associate-public-ip-address` if you are using a nondefault 
+VPC, or will get error like:
+```
+ignition: failed to acquire config: RequestError: send request failed
+caused by: Get "https://xxx-infra.xxx/bootstrap.ign": dial tcp x.x.x.x:443: i/o timeout
+```
+
+.Launching and customizing a new instance with remote Ignition file from a S3 bucket
+[source,bash]
+----
+NAME='instance1'
+SSHKEY='my-key'         # the name of your SSH key: `aws ec2 describe-key-pairs`
+IMAGE='ami-xxx'         # the AMI ID found on the download page
+DISK='20'               # the size of the hard disk
+REGION='us-east-1'      # the target region
+TYPE='m5.large'         # the instance type
+SUBNET='subnet-xxx'     # the subnet: `aws ec2 describe-subnets`
+SECURITY_GROUPS='sg-xxx' # the security group `aws ec2 describe-security-groups`
+USERDATA='/path/to/config.ign' # path to your Ignition config
+PROFILE='xxx-profile'    # the name of an IAM instance profile `aws iam list-instance-profiles`
+aws ec2 run-instances                     \
+    --region $REGION                      \
+    --image-id $IMAGE                     \
+    --instance-type $TYPE                 \
+    --key-name $SSHKEY                    \
+    --subnet-id $SUBNET                   \
+    --security-group-ids $SECURITY_GROUPS \
+    --user-data "file://${USERDATA}"      \
+    --iam-instance-profile Name=${PROFILE}     \
+    --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]" \
+    --block-device-mappings "VirtualName=/dev/xvda,DeviceName=/dev/xvda,Ebs={VolumeSize=${DISK}}"
+----
 
 Once the first boot is completed, make sure to delete the configuration as it may contain sensitive data.
 See xref:#_configuration_cleanup[].
@@ -117,7 +152,7 @@ See the https://coreos.github.io/ignition/operator-notes/#secrets[Ignition docum
 [source,bash]
 ----
 NAME='instance1'
-aws s3 rm CONFIG s3://$NAME-infra/bootstrap.ign
+aws s3 rm s3://$NAME-infra/bootstrap.ign
 ----
 
 Optionnally, you can delete the whole bucket: