diff --git a/docs/getting-started/step-4-update.md b/docs/getting-started/step-4-update.md
index 57d93c96e..aae7abdb0 100644
--- a/docs/getting-started/step-4-update.md
+++ b/docs/getting-started/step-4-update.md
@@ -37,6 +37,9 @@ More concretely, steps should be taken in order to rotate your certs on nodes ar
   kube-aws update
   ```
 
+There are cases where the service account tokens used by the system pods become invalid after credentials update, and
+some of your system pods will break (especially `kube-dns`). Deleting the said secrets will solve the issue (see https://github.com/kubernetes-incubator/kube-aws/issues/1057).
+
 ## The etcd caveat
 
 There is no solution for hosting an etcd cluster in a way that is easily updateable in this fashion- so updates are automatically masked for the etcd instances. This means that, after the cluster is created, nothing about the etcd ec2 instances is allowed to be updated.
diff --git a/make/test b/make/test
index b3c3a8f43..c7a30b5bc 100755
--- a/make/test
+++ b/make/test
@@ -10,7 +10,7 @@ default() {
 with-cover() {
   test -z "$(find . -path ./vendor -prune -type f -o -name '*.go' -exec gofmt -d {} + | tee /dev/stderr)"
   for d in $(go list ./... | grep -v '/vendor/' | grep -v '/hack'); do
-    go test -timeout 25m -v --race -coverprofile=profile.out -covermode=atomic $d
+    go test -timeout 30m -v --race -coverprofile=profile.out -covermode=atomic $d
     if [ -f profile.out ]; then
       cat profile.out >> coverage.txt
       rm profile.out