diff --git a/acm/.terraform-docs.yml b/acm/.terraform-docs.yml
deleted file mode 120000
index f095125..0000000
--- a/acm/.terraform-docs.yml
+++ /dev/null
@@ -1 +0,0 @@
-../.terraform-docs.yml
\ No newline at end of file
diff --git a/acm/README.md b/acm/README.md
new file mode 100644
index 0000000..f20f23b
--- /dev/null
+++ b/acm/README.md
@@ -0,0 +1,92 @@
+
+# About : aws-certificate/acm
+
+This module creates and ACM certificate, using the general purpose (ca1) ACM-PCA in the local region. It will automatically
+include the DNS name in the SAN. You may add additonal SAN fully qualified domain names, but only DNS names are supported
+in the SAN for an ACM certificate.
+
+It returns the ACM ARN.
+
+# Usage
+This shows the module call with how you would use it.
+
+```hcl
+module "cert" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acm"
+
+ certificate_dns = "test.domain.census.gov"
+ contact_email = "cio.engineering.alert.list@census.gov"
+
+ ## optional
+ ## add additional names to SAN
+ # certificate_san = "otherdomain.domain.census.gov"
+}
+
+# associating it with the ALB listener
+resource "aws_lb_listener" "app_443" {
+ count = module.cert.certificate_arn != null ? 1 : 0
+ load_balancer_arn = aws_lb.app.arn
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ certificate_arn = module.cert.certificate_arn
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.app.arn
+ }
+}
+```
+
+The output value to look at is `certificate_arn`. This is null if the certificate is incomplete or failed to load into ACM, or
+the ARN if completed. You'll use the ARN for an AWS LB Listener.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [aws](#requirement\_aws) | >= 5.0 |
+| [http](#requirement\_http) | >= 2.1.0 |
+| [local](#requirement\_local) | >= 2.1.0 |
+| [null](#requirement\_null) | >= 3.1.0 |
+| [tls](#requirement\_tls) | >= 3.1.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_acm_certificate.certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_ssm_parameter.ca_longterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+| [aws_ssm_parameter.ca_shortterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [certificate\_dns](#input\_certificate\_dns) | DNS Name to be used for the certificate. For ACM certificate, the subject and CN may not be customized. | `string` | n/a | yes |
+| [certificate\_san](#input\_certificate\_san) | The Subject Alternate Names (SAN), a list of FQDNs to include in the ACM Certificate. Only DNS names are supported. See docs at https://docs.aws.amazon.com/cli/latest/reference/acm/request-certificate.html | `list(string)` | `[]` | no |
+| [contact\_email](#input\_contact\_email) | Email address in @census.gov of contact for the certificate. This is strongly recommended to be a group email address. | `string` | n/a | yes |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. 
This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [certificate\_arn](#output\_certificate\_arn) | ARN of created ACM Certificate |
+
\ No newline at end of file