diff --git a/standard/README.md b/standard/README.md
index ea1b451..40f0d9a 100644
--- a/standard/README.md
+++ b/standard/README.md
@@ -8,6 +8,8 @@ Other configurations such as versioning or data safegurad tagging (only on the b
 
 # Usage
 To use the new refactored module with the AWS provider v4.x, use `?ref=3`, otherwise leave this part off.
+If you are converting an older version of the module to the new AWS provider with `?ref=3, please follow
+the [updating directions](updating-buckets.md).
 
 **Note**: version 2 and version 3 of this module cannot coexist in a directory.  All S3 buckets using this module
 must use the same version.  If you are using the version 2 of the module (without the `?ref=3`), you must
@@ -15,7 +17,7 @@ also include a `versions.tf` which pins the AWS provider at < 4.0.  If using ver
 do not include a `versions.tf`, do not pin the AWS provider.  Two different versions of the provider cannot
 coexist (easily).
 
-```hcl
+````hcl
 module "my-bucket" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard?ref=3"
 
@@ -226,6 +228,7 @@ No modules.
 | <a name="input_object_lock_enabled"></a> [object\_lock\_enabled](#input\_object\_lock\_enabled) | Flag to enable object lock. This can only be set on bucket creation. See AWS documentation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html | `bool` | `false` | no |
 | <a name="input_require_explicit_encryption"></a> [require\_explicit\_encryption](#input\_require\_explicit\_encryption) | When enabled, adds bucket policy to Deny unencrypted uploads and incorrect encryption header.  Should not normally be needed. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_use_kms_encryption"></a> [use\_kms\_encryption](#input\_use\_kms\_encryption) | Enable AWS:KMS encryption (default). If false, enables SSE-S3 (AES256), needed for some AWS services access | `bool` | `true` | no |
 
 ## Outputs
 
diff --git a/standard/main.tf b/standard/main.tf
index 99655c3..1528db2 100644
--- a/standard/main.tf
+++ b/standard/main.tf
@@ -9,6 +9,8 @@
 * 
 * # Usage 
 * To use the new refactored module with the AWS provider v4.x, use `?ref=3`, otherwise leave this part off.
+* If you are converting an older version of the module to the new AWS provider with `?ref=3, please follow
+* the [updating directions](updating-buckets.md).
 *
 * **Note**: version 2 and version 3 of this module cannot coexist in a directory.  All S3 buckets using this module
 * must use the same version.  If you are using the version 2 of the module (without the `?ref=3`), you must
diff --git a/standard/updating-buckets.md b/standard/updating-buckets.md
new file mode 120000
index 0000000..65e8981
--- /dev/null
+++ b/standard/updating-buckets.md
@@ -0,0 +1 @@
+../bin/README.md
\ No newline at end of file
diff --git a/title26/README.md b/title26/README.md
index 0e39ee9..5c2c84e 100644
--- a/title26/README.md
+++ b/title26/README.md
@@ -8,6 +8,8 @@ FTI (Title26).  This includes
 
 # Usage
 To use the new refactored module with the AWS provider v4.x, use `?ref=3`, otherwise leave this part off.
+If you are converting an older version of the module to the new AWS provider with `?ref=3, please follow
+the [updating directions](updating-buckets.md).
 
 **Note**: version 2 and version 3 of this module cannot coexist in a directory.  All S3 buckets using this module
 must use the same version.  If you are using the version 2 of the module (without the `?ref=3`), you must
@@ -15,7 +17,7 @@ also include a `versions.tf` which pins the AWS provider at < 4.0.  If using ver
 do not include a `versions.tf`, do not pin the AWS provider.  Two different versions of the provider cannot
 coexist (easily).
 
-```hcl
+````hcl
 module "my-bucket" {
 
 ```hcl
@@ -225,6 +227,7 @@ No modules.
 | <a name="input_object_lock_enabled"></a> [object\_lock\_enabled](#input\_object\_lock\_enabled) | Flag to enable object lock. This can only be set on bucket creation. See AWS documentation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html | `bool` | `false` | no |
 | <a name="input_require_explicit_encryption"></a> [require\_explicit\_encryption](#input\_require\_explicit\_encryption) | When enabled, adds bucket policy to Deny unencrypted uploads and incorrect encryption header.  Should not normally be needed. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_use_kms_encryption"></a> [use\_kms\_encryption](#input\_use\_kms\_encryption) | Enable AWS:KMS encryption (default). If false, enables SSE-S3 (AES256), needed for some AWS services access | `bool` | `true` | no |
 
 ## Outputs
 
diff --git a/title26/main.tf b/title26/main.tf
index e7443eb..0df06e8 100644
--- a/title26/main.tf
+++ b/title26/main.tf
@@ -9,6 +9,8 @@
 * 
 * # Usage 
 * To use the new refactored module with the AWS provider v4.x, use `?ref=3`, otherwise leave this part off.
+* If you are converting an older version of the module to the new AWS provider with `?ref=3, please follow
+* the [updating directions](updating-buckets.md).
 * 
 * **Note**: version 2 and version 3 of this module cannot coexist in a directory.  All S3 buckets using this module
 * must use the same version.  If you are using the version 2 of the module (without the `?ref=3`), you must
diff --git a/title26/updating-buckets.md b/title26/updating-buckets.md
new file mode 120000
index 0000000..65e8981
--- /dev/null
+++ b/title26/updating-buckets.md
@@ -0,0 +1 @@
+../bin/README.md
\ No newline at end of file