diff --git a/lab-3/LAB-REPORT.md b/lab-3/LAB-REPORT.md index bbc7c53..8df63a5 100644 --- a/lab-3/LAB-REPORT.md +++ b/lab-3/LAB-REPORT.md @@ -7,7 +7,7 @@ - [x] Secrets/Token Management - [x] Consider secret-scanning - [x] Added git-leaks on pre-commit hook -- [x] Create & Connect to a Git*** reposiotry +- [x] Create & Connect to a Git*** repository - [x] https://git.dropbear-minnow.ts.net/ - [x] Modify and make a second commit ![image of terminal](./assets/prep-console.png) @@ -21,24 +21,18 @@ - [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk) ## Lab -- [ ] Grant perms to ec2 & s3 via IAM roles -- [ ] S3 Buckets - - [ ] How to create one - - [ ] Via GUI - - [ ] Via terraform - - [ ] What are they used for? - - I have some existing context for this. I've used this for work - in the past for both archival purposes and for serving public content - (images & documents). You would commonly use them for - - [ ] How can they be a juicy security risk? - - ! A security team will often set alerts around s3 buckets whenever - resources are created with no rules set - - - - [ ] Create and attach a least-privilege policy - - [ ] Associate the IAM role with your running EC2 instance - - [ ] Verify access from the instance --> ec2-vm :> aws s3 ls +- [x] create a custom IAM Policy +- [x] create an IAM Role for EC2 + ![trust relationships](./assets/trust-relationships.jpg) + ![permissions](./assets/permissions.jpg) +- [x] Attach the Role to your EC2 Instance +- [x] Verify is3 access from the EC2 Instance + ![screenshot of listing s3 contents](./assets/s3-access-screenshot.jpg) -## Vocab +### Stretch +- [ ] Create a bucket policy that blocks all public access but allows your IAM role + +## Terms ### Identity Access Management ```mermaid graph LR 
@@ -47,4 +41,11 @@ graph LR ExplainIAMIdentity -.-> IAMIdentity classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px; -``` \ No newline at end of file +``` + +## End lab +- [ ] Clean up + - [ ] Custom roles + - [ ] Custom policies +- [ ] Stop ec2 Instance +- [ ] Remove s3 bucket \ No newline at end of file diff --git a/lab-3/assets/permissions.jpg b/lab-3/assets/permissions.jpg new file mode 100644 index 0000000..2dbd4df Binary files /dev/null and b/lab-3/assets/permissions.jpg differ diff --git a/lab-3/assets/s3-access-screenshot.jpg b/lab-3/assets/s3-access-screenshot.jpg new file mode 100644 index 0000000..f24a262 Binary files /dev/null and b/lab-3/assets/s3-access-screenshot.jpg differ diff --git a/lab-3/assets/trust-relationships.jpg b/lab-3/assets/trust-relationships.jpg new file mode 100644 index 0000000..b97d449 Binary files /dev/null and b/lab-3/assets/trust-relationships.jpg differ
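Review bot: In the `@@ -21,24 +21,18 @@` hunk, "Verify is3 access from the EC2 Instance" should read "Verify s3 access from the EC2 Instance", and the rewritten checklist drops the "least-privilege" wording from the old "Create and attach a least-privilege policy" item without recording in text what the new custom IAM policy actually grants. Since the permissions only survive as `./assets/permissions.jpg`, consider listing the allowed actions and the bucket resource the policy is scoped to alongside the screenshot so the least-privilege intent can be checked without opening the image. The same hunk also deletes the notes under "What are they used for?" and "How can they be a juicy security risk?" (including the point that a security team will often alert on buckets created with no rules set); if those were meant to be kept as prep material, move them under the new "Terms" section rather than removing them.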
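Review bot: The "End lab" cleanup list added in the `@@ -47,4 +41,11 @@` hunk is missing a step to detach the role from the EC2 instance before the "Custom roles" item, since the role was attached to the running instance earlier in the lab and deleting it while still attached leaves the instance with a dangling instance profile; the "Remove s3 bucket" item should also note that the bucket has to be emptied first or the removal will fail. Minor style point: the file still ends with "\ No newline at end of file" after this change.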
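Review bot: The three new binary assets (`trust-relationships.jpg`, `permissions.jpg`, `s3-access-screenshot.jpg`) are screenshots of IAM trust relationships, permissions and S3 listing output, which typically show the account ID, role ARN and bucket name; the git-leaks pre-commit hook listed at the top of this report only scans text, so please confirm those values are acceptable to publish in this repository or redact them in the images before merging.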