diff --git a/README.md b/README.md index 1eebb79..5e2cb42 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ +[![README Header][readme_header_img]][readme_header_link] -[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com) +[![Cloud Posse][logo]](https://cpco.io/homepage) # terraform-aws-kms-key [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-kms-key.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-kms-key) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-kms-key.svg)](https://github.com/cloudposse/terraform-aws-kms-key/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -15,7 +16,17 @@ Can be used with [chamber](https://github.com/segmentio/chamber) for managing se --- -This project is part of our comprehensive ["SweetOps"](https://docs.cloudposse.com) approach towards DevOps. +This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. +[][share_email] +[][share_googleplus] +[][share_facebook] +[][share_reddit] +[][share_linkedin] +[][share_twitter] + + +[![Terraform Open Source Modules](https://docs.cloudposse.com/images/terraform-open-source-modules.svg)][terraform_modules] + It's 100% Open Source and licensed under the [APACHE2](LICENSE). 
@@ -26,11 +37,21 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). +We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! + + + + ## Usage + +**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. +Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-kms-key/releases). + + ```hcl module "kms_key" { source = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=master" @@ -53,12 +74,12 @@ module "kms_key" { ``` Available targets: - help This help screen + help Help screen help/all Display help for all targets + help/short This help short screen lint Lint terraform code ``` - ## Inputs | Name | Description | Type | Default | Required | @@ -71,6 +92,7 @@ Available targets: | enable_key_rotation | Specifies whether key rotation is enabled | string | `true` | no | | name | Application or solution name (e.g. `app`) | string | - | yes | | namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes | +| policy | A valid kms policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no | | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `` | no | 
@@ -86,6 +108,13 @@ Available targets: +## Share the Love + +Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-kms-key)! (it helps us **a lot**) + +Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + + ## Related Projects Check out these related projects. 
@@ -102,26 +131,38 @@ Check out these related projects. File a GitHub [issue](https://github.com/cloudposse/terraform-aws-kms-key/issues), send us an [email][email] or join our [Slack Community][slack]. +[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] + ## Commercial Support Work directly with our team of DevOps experts via email, slack, and video conferencing. We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. -[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)](mailto:hello@cloudposse.com) +[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)][email] - **Questions.** We'll use a Shared Slack channel between your team and ours. - **Troubleshooting.** We'll help you triage why things aren't working. - **Code Reviews.** We'll review your Pull Requests and provide constructive feedback. - **Bug Fixes.** We'll rapidly work to fix any bugs in our projects. -- **Build New Terraform Modules.** We'll develop original modules to provision infrastructure. +- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure. - **Cloud Architecture.** We'll assist with your cloud strategy and design. - **Implementation.** We'll provide hands-on support to implement our reference architectures. -## Community Forum -Get access to our [Open Source Community Forum][slack] on Slack. It's **FREE** to join for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build *sweet* infrastructure. 
+## Terraform Module Development + +Are you interested in custom Terraform module development? Submit your inquiry using [our form][module_development] today and we'll get back to you ASAP. + + +## Slack Community + +Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. + +## Newsletter + +Signup for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. ## Contributing @@ -131,7 +172,7 @@ Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-kms-k ### Developing -If you are interested in being a contributor and want to get involved in developing this project or [help out](https://github.com/orgs/cloudposse/projects/3) with our other projects, we would love to hear from you! Shoot us an [email](mailto:hello@cloudposse.com). +If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email]. In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. @@ -146,7 +187,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2018 [Cloud Posse, LLC](https://cloudposse.com) +Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright) 
@@ -187,26 +228,16 @@ All other trademarks referenced herein are the property of their respective owne ## About -This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know at +This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]! -[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com) +[![Cloud Posse][logo]][website] -We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We love [Open Source Software](https://github.com/cloudposse/)! +We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. -We offer paid support on all of our projects. +We offer [paid support][commercial_support] on all of our projects. -Check out [our other projects][github], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. +Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - [docs]: https://docs.cloudposse.com/ - [website]: https://cloudposse.com/ - [github]: https://github.com/cloudposse/ - [commercial_support]: https://github.com/orgs/cloudposse/projects - [jobs]: https://cloudposse.com/jobs/ - [hire]: https://cloudposse.com/contact/ - [slack]: https://slack.cloudposse.com/ - [linkedin]: https://www.linkedin.com/company/cloudposse - [twitter]: https://twitter.com/cloudposse/ - [email]: mailto:hello@cloudposse.com ### Contributors 
@@ -218,3 +249,36 @@ Check out [our other projects][github], [apply for a job][jobs], or [hire us][hi [aknysh_avatar]: https://github.com/aknysh.png?size=150 + +[![README Footer][readme_footer_img]][readme_footer_link] +[![Beacon][beacon]][website] + + [logo]: https://cloudposse.com/logo-300x69.svg + [docs]: https://cpco.io/docs + [website]: https://cpco.io/homepage + [github]: https://cpco.io/github + [jobs]: https://cpco.io/jobs + [hire]: https://cpco.io/hire + [slack]: https://cpco.io/slack + [linkedin]: https://cpco.io/linkedin + [twitter]: https://cpco.io/twitter + [testimonial]: https://cpco.io/leave-testimonial + [newsletter]: https://cpco.io/newsletter + [email]: https://cpco.io/email + [commercial_support]: https://cpco.io/commercial-support + [we_love_open_source]: https://cpco.io/we-love-open-source + [module_development]: https://cpco.io/module-development + [terraform_modules]: https://cpco.io/terraform-modules + [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/terraform-aws-kms-key + [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/terraform-aws-kms-key + [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/terraform-aws-kms-key + [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/terraform-aws-kms-key + [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/terraform-aws-kms-key + [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/terraform-aws-kms-key + [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-kms-key&url=https://github.com/cloudposse/terraform-aws-kms-key + [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-kms-key&url=https://github.com/cloudposse/terraform-aws-kms-key + [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-kms-key + 
[share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-kms-key + [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-kms-key + [share_email]: mailto:?subject=terraform-aws-kms-key&body=https://github.com/cloudposse/terraform-aws-kms-key + [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-kms-key?pixel&cs=github&cm=readme&an=terraform-aws-kms-key diff --git a/docs/targets.md b/docs/targets.md index 09c39cd..3d4be2a 100644 --- a/docs/targets.md +++ b/docs/targets.md @@ -2,8 +2,9 @@ ``` Available targets: - help This help screen + help Help screen help/all Display help for all targets + help/short This help short screen lint Lint terraform code ``` diff --git a/docs/terraform.md b/docs/terraform.md index eb8a42f..054f827 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -1,4 +1,3 @@ - ## Inputs | Name | Description | Type | Default | Required | @@ -11,6 +10,7 @@ | enable_key_rotation | Specifies whether key rotation is enabled | string | `true` | no | | name | Application or solution name (e.g. `app`) | string | - | yes | | namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes | +| policy | A valid kms policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no | | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `` | no | diff --git a/main.tf b/main.tf index a439fde..52cd5c0 100644 --- a/main.tf +++ b/main.tf 
@@ -8,11 +8,36 @@ module "label" { tags = "${var.tags}" } +data "aws_caller_identity" "current" {} + +data "aws_iam_policy_document" "default" { + statement { + sid = "Enable IAM User Permissions" + effect = "Allow" + actions = ["kms:*"] + resources = ["*"] + + principals { + type = "AWS" + + identifiers = [ + "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", + ] + } + } +} + +module "policy" { + source = "git::https://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator.git?ref=tags/0.1.2" + source_documents = ["${data.aws_iam_policy_document.default.json}", "${var.policy}"] +} + resource "aws_kms_key" "default" { description = "${var.description}" deletion_window_in_days = "${var.deletion_window_in_days}" enable_key_rotation = "${var.enable_key_rotation}" tags = "${module.label.tags}" + policy = "${module.policy.result_document}" } resource "aws_kms_alias" "default" { diff --git a/variables.tf b/variables.tf index 1600f98..0626fb9 100644 --- a/variables.tf +++ b/variables.tf @@ -52,3 +52,9 @@ variable "alias" { default = "" description = "The display name of the alias. The name must start with the word `alias` followed by a forward slash" } + +variable "policy" { + type = "string" + default = "" + description = "A valid kms policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy." +}
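Review bot: In the README.md Usage hunk (`@@ -26,11 +37,21 @@`), the new IMPORTANT paragraph tells readers not to pin to `master`, yet the example directly under it still reads `source = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=master"`, and that is the line people copy. Change the example itself to the `?ref=tags/x.y.z` form so the copy-paste path matches the advice. For a module that creates KMS keys and now their key policies, tracking a moving branch means the policy logic can change under the caller without a version bump on their side.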
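Review bot: In the README.md reference-link block at the end of the file (`@@ -218,3 +249,36 @@`), nearly every link now resolves through a `cpco.io` redirect, including `[email]`, which changes from `mailto:hello@cloudposse.com` to `https://cpco.io/email`, and a `[beacon]` image pointing at `ga-beacon.cloudposse.com/UA-76589703-4/...` is added alongside header and footer images that carry a `?repo=` parameter. Readers can no longer tell from the link text where they will land, and the README now embeds a tracking pixel; neither is related to the `policy` input this diff introduces. Split the README template changes into their own commit, and keep direct URLs for the links users rely on for security contact and release pinning (email, issues, releases).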
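Review bot: In the main.tf hunk, `source_documents = ["${data.aws_iam_policy_document.default.json}", "${var.policy}"]` always includes the built-in statement, so a caller-supplied `policy` can only add statements next to `kms:*` on `*` for `arn:aws:iam::${data.aws_caller_identity.current.account_id}:root`; it cannot remove or replace that statement. A caller who passes a tightly scoped key policy and expects it to be the whole policy will end up with the account-root grant as well. Add a comment above `module "policy"` stating that the documents are combined, and confirm that the aggregator at `tags/0.1.2` handles the empty string that `var.policy` defaults to, since nothing in this diff exercises that case.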
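Review bot: In the variables.tf hunk, the description promises "A valid kms policy JSON document" while `default = ""` is not one, and the text never says what leaving it empty does. Add a sentence saying that an empty value leaves only the module's built-in statement on the key and that a non-empty document is combined with that statement rather than used alone. The same wording belongs in the `policy` rows added to README.md and docs/terraform.md, where the Default column currently shows only a pair of empty backticks.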