diff --git a/s3_credentials/cli.py b/s3_credentials/cli.py
index 4215f78..143a595 100644
--- a/s3_credentials/cli.py
+++ b/s3_credentials/cli.py
@@ -285,7 +285,7 @@ def create(
                         )
                     )
                     if bucket_policy:
-                        click.echo("... then the following bucket policy:")
+                        click.echo("... then attach the following bucket policy to it:")
                         click.echo(json.dumps(bucket_policy, indent=4))
                 else:
                     s3.create_bucket(Bucket=bucket, **kwargs)
diff --git a/tests/test_dry_run.py b/tests/test_dry_run.py
index 42aef60..a78c402 100644
--- a/tests/test_dry_run.py
+++ b/tests/test_dry_run.py
@@ -51,6 +51,16 @@ Would ensure role: 's3-credentials.AmazonS3FullAccess'
 Would assume role using following policy for 1200 seconds:*"""
             ),
         ),
+        (
+            ["--public"],
+            (
+                """Would create bucket: 'my-bucket'
+... then attach the following bucket policy to it:*
+Would create user: 's3.read-write.my-bucket' with permissions boundary: 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
+Would attach policy called 's3.read-write.my-bucket' to user 's3.read-write.my-bucket', details:*
+Would call create access key for user 's3.read-write.my-bucket'"""
+            ),
+        ),
     ),
 )
 def test_dry_run(options, expected):