diff --git a/README.md b/README.md index 8baef4dea..07f800b36 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ SecretValue: {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey"} ``` To create a new secret for a default profile, use the [PROFILE SECRET TEMPLATE](/examples/profile-secret.yaml) file provided in this repository. +The secret must exist in the same AWS account and AWS region where the Cloudformation stack is run. Here are some examples of how to use this template: diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml index c3d55cc70..206e0482b 100644 --- a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml +++ b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml @@ -24,7 +24,6 @@ Resources: - Effect: Allow Action: - "secretsmanager:CreateSecret" - - "secretsmanager:CreateSecretInput" - "secretsmanager:DescribeSecret" - "secretsmanager:GetSecretValue" - "secretsmanager:PutSecretValue" diff --git a/cfn-resources/custom-db-role/resource-role.yaml b/cfn-resources/custom-db-role/resource-role.yaml index 792fd2348..825f3a025 100644 --- a/cfn-resources/custom-db-role/resource-role.yaml +++ b/cfn-resources/custom-db-role/resource-role.yaml @@ -30,11 +30,6 @@ Resources: Statement: - Effect: Allow Action: - - "initech:CreateReport" - - "initech:DeleteReport" - - "initech:DescribeReport" - - "initech:ListReports" - - "initech:UpdateReport" - "secretsmanager:GetSecretValue" Resource: "*" Outputs: diff --git a/cfn-resources/global-cluster-config/resource-role.yaml b/cfn-resources/global-cluster-config/resource-role.yaml index c3d55cc70..206e0482b 100644 --- a/cfn-resources/global-cluster-config/resource-role.yaml +++ b/cfn-resources/global-cluster-config/resource-role.yaml 
@@ -24,7 +24,6 @@ Resources: - Effect: Allow Action: - "secretsmanager:CreateSecret" - - "secretsmanager:CreateSecretInput" - "secretsmanager:DescribeSecret" - "secretsmanager:GetSecretValue" - "secretsmanager:PutSecretValue" diff --git a/examples/README.md b/examples/README.md index 82c8f4e9c..e7b33c4f5 100644 --- a/examples/README.md +++ b/examples/README.md @@ -13,6 +13,8 @@ You must [configure API keys](https://www.mongodb.com/docs/atlas/configure-api-a ### CloudFormation Profile You should create a profile in the AWS Secrets Manager that contains the MongoDB Atlas Programmatic API Key. +The secret must be named `cfn/atlas/profile/{ProfileName}` and exist in the same AWS account and AWS region where the Cloudformation stack is run. + Use [this template](profile-secret.yaml) to create a [new CloudFormation stack](https://console.aws.amazon.com/cloudformation/home#/stacks/create) for the default profile that all resources attempt to use unless you specify a different profile. ### Configure the IAM Execution Role
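Review bot: in README.md (hunk at -50,6), the added sentence gives the account and region constraint but not the required secret name, which examples/README.md in this same patch states as `cfn/atlas/profile/{ProfileName}`. A reader who only sees the top-level README can satisfy this sentence and still create a secret the resources will not find. Repeat the naming rule here or link to the examples README, and spell the service name "CloudFormation".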
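Review bot: in cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml (hunk at -24,7), the statement still allows `secretsmanager:CreateSecret` and `secretsmanager:PutSecretValue` after this cleanup, while the custom-db-role execution role in the same patch is left with `secretsmanager:GetSecretValue` only. If this resource only reads the profile secret, drop the write actions as part of this change. If it does create or update secrets, add a comment naming which ones so the grant can be reviewed.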
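Review bot: in cfn-resources/custom-db-role/resource-role.yaml (hunk at -30,11), the one remaining action, `secretsmanager:GetSecretValue`, is still paired with `Resource: "*"`, so the execution role can read every secret in the account. The docs in this patch fix the secret name to `cfn/atlas/profile/{ProfileName}` in the stack's own account and region, so the resource can be scoped to match, for example `!Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:cfn/atlas/profile/*"`. Worth doing in this change, since the statement is already being edited.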
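Review bot: cfn-resources/global-cluster-config/resource-role.yaml (hunk at -24,7) is an identical copy of the cloud-backup-snapshot-export-bucket role: both index lines read c3d55cc70..206e0482b, so the same stray action had to be removed by hand in two places. Consider generating these role files from one shared template, or adding a CI check over the `Action` lists, so that a permission fix cannot land in one copy and miss the other. The question about `secretsmanager:CreateSecret` and `secretsmanager:PutSecretValue` raised for the other copy applies here as well.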
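Review bot: in examples/README.md (hunk at -13,6), the added line introduces `{ProfileName}` without saying what value it takes for the default profile that the next paragraph refers to, so a reader creating the secret by hand cannot derive the full name. State the default profile's literal secret name next to the pattern. Also write "CloudFormation" to match the "### CloudFormation Profile" heading directly above.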