diff --git a/README.md b/README.md
index de6c222..65342a7 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,34 @@ Envrionment for working with AWS VCFs
 
 1. Run `init.sh` (Mac/Linux)/`init.ps1` (Windows) to set up the virtual environment again. (only the `venv/` directory is impacted by this operation)
 
+## Authentication options
+
+The launch.json encoding of client id, secret, and region for authentication works well for debugging the current file.
+To streamline the authentication process when debugging using containers (VS Code Docker debug profile), `aws` default profile credentials and .config.env files are used.
+<ins>.config.env is higher precedence</ins> and aws credentials are used as a fallback.
+
+### `aws` CLI credentials
+
+The `aws` CLI credentials can be used by the boto3 Python library to authenticate with AWS.
+The `aws` CLI must be authenticated using the default profile (`aws configure`).
+The region will be `us-west-2` by default but can be overridden from .config.env.
+
+If `aws` CLI is authenticated a .config.env file can be omitted.
+
+### .config.env file
+
+The .config.env file is similar to the environment variables defined in the launch.json file but is a flat file of variable declarations.
+The contents of .config.env resemble:
+    
+```sh
+AWS_CLIENT_ID="AKIA123456789012"
+AWS_CLIENT_SECRET="z8lkxhC+2gbDzYAHg7cBcVFEB3a1lhmbBvz3cpIv"
+AWS_REGION="us-west-2"
+```
+
+As mentioned, `aws` credentials may be used in lieu of `AWS_CLIENT_ID`, and `AWS_CLIENT_SECRET`.
+If the AWS_REGION is set in .config.env it overrides the default "us-west-2".
+
 ## References
 
 - [Boto3 (AWS Python SDK) Reference](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/index.html)