diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64bd737..8d45199 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -291,3 +291,15 @@
 - fix up the cidr math
 - this drops a new variables.subnets.tf for the examples, to include the optional availability_zones
 - as we are nearing completion with updating all of the vpc code to TF 1.x, this should not be a problem, and it really only applies in do2-gov
+
+* 2.8.2 -- 2023-04-18
+ - subnets:
+ - add boc:vpc:subnet_label
+ - route53-zone-association/lambda-role
+ - add ssm permissions
+ - route53-zone-association/terraform-role
+ - add ssm permissions
+ - vpc-interface-endpoint
+ - add additional information to ssm parameter
+ - cleanup zone creation based on endpoint service definition (some are missing a zone)
+
diff --git a/common/version.tf b/common/version.tf
index c1f3a9b..e66bbb9 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
- _module_version = "2.8.1"
+ _module_version = "2.8.2"
 _module_names = {
 "_main_" = "aws-vpc-setup"
diff --git a/examples/region-shared-setup/README.md b/examples/region-shared-setup/README.md
new file mode 100644
index 0000000..a57c784
--- /dev/null
+++ b/examples/region-shared-setup/README.md
@@ -0,0 +1,10 @@
+
+```script
+cd REPO
+mkdir vpc/REGION/shared-setup
+
+# from tf-upgrade branch below
+cp REPOPATH/terraform/terraform-modules/aws-vpc-setup/examples/region-shared-setup/* ./
+```
+
+This sets up all the tags for the VPC resources shared TO this account and region.
diff --git a/examples/vpc-share-files/credentials.org_master.tf b/examples/vpc-share-files/credentials.org_master.tf
new file mode 100644
index 0000000..12baf92
--- /dev/null
+++ b/examples/vpc-share-files/credentials.org_master.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ alias = "org_master"
+ region = var.org_master_region
+ profile = var.org_master_profile
+}
diff --git a/examples/vpc-share-files/share.tf b/examples/vpc-share-files/share.tf
new file mode 100644
index 0000000..2febd48
--- /dev/null
+++ b/examples/vpc-share-files/share.tf
@@ -0,0 +1,21 @@
+module "share_networks" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//share-resources?ref=tf-upgrade"
+ providers = {
+ aws = aws
+ aws.org_master = aws.org_master
+ }
+ org_master_profile = "252903981224-ma5-gov"
+ org_master_region = "us-gov-west-1"
+ share_enabled = true
+ share_account_list = [for a in var.share_account_list : a.account_id if a.enabled]
+ share_organizational_unit_list = [for ou in var.share_organizational_unit_list : ou.id if ou.enabled]
+ private_subnets_ids = module.subnets.private_subnets_ids
+}
+
+# need these files
+# credentials.org_master.tf
+# share.tf
+# variables.org_master.tf
+# variables.share.auto.tfvars
+# variables.share.tf
+
diff --git a/examples/vpc-share-files/variables.org_master.tf b/examples/vpc-share-files/variables.org_master.tf
new file mode 100644
index 0000000..012e965
--- /dev/null
+++ b/examples/vpc-share-files/variables.org_master.tf
@@ -0,0 +1,11 @@
+variable "org_master_profile" {
+ description = "AWS Organization Master account profile"
+ type = string
+ default = "252903981224-ma5-gov"
+}
+
+variable "org_master_region" {
+ description = "AWS Organization Master region (see docs: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)"
+ type = string
+ default = "us-gov-west-1"
+}
diff --git a/examples/vpc-share-files/variables.share.auto.tfvars b/examples/vpc-share-files/variables.share.auto.tfvars
new file mode 100644
index 0000000..a351f9b
--- /dev/null
+++ b/examples/vpc-share-files/variables.share.auto.tfvars
@@ -0,0 +1,15 @@
+share_organizational_unit_list = [
+ {
+ label = "Enterprise-GOV:ProgramWorkloads:EDL:Production"
+ id = "ou-9go7-u6hpspj7"
+ enabled = false
+ }
+]
+
+share_account_list = [
+ {
+ alias = "cedsci-dev-gov"
+ account_id = "145577987146"
+ enabled = true
+ }
+]
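Review bot: The `source` line pins the share-resources module to `ref=tf-upgrade`, a branch, so successive `terraform init` runs can fetch different code and the example is not reproducible; pin an immutable reference instead, `ref=<RELEASE_TAG_OR_COMMIT>` (placeholder — common/version.tf in this same commit moves the module to 2.8.2, so a matching release tag would be the natural choice). The literals `org_master_profile = "252903981224-ma5-gov"` and `org_master_region = "us-gov-west-1"` bypass the `var.org_master_profile` and `var.org_master_region` inputs that the aliased provider in credentials.org_master.tf reads, so overriding either variable would leave the provider and the module arguments pointing at different targets; pass `org_master_profile = var.org_master_profile` and `org_master_region = var.org_master_region` so there is a single source of truth. The trailing `# need these files` list duplicates what the directory already contains and would be better placed in a README for the example, where the README for region-shared-setup already lives.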
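Review bot: The `default` on `org_master_profile` bakes one specific organization-master profile name into an example whose sibling README tells users to `cp` the directory wholesale, so a copied example quietly targets that profile unless the user notices and edits it. Drop the default so Terraform requires an explicit value, or use an obviously fictitious placeholder and say in the description that it must be replaced. The same consideration applies, to a lesser degree, to the `org_master_region` default.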
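Review bot: This example commits a concrete OU id (`ou-9go7-u6hpspj7`) and account id (`145577987146`) into a `.auto.tfvars` file, which Terraform loads without any `-var-file` flag, so as far as share.tf shows a freshly copied example would hand that account to the share-resources module on its first apply unless the values are edited first. Use clearly fictitious placeholders (e.g. `account_id = "000000000000"` — constructed value) or ship the file as `variables.share.auto.tfvars.example` so the caller has to fill it in consciously. The `enabled = false` entry does usefully demonstrate the opt-out pattern and is worth keeping in whichever form the file takes.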
diff --git a/examples/vpc-share-files/variables.share.tf b/examples/vpc-share-files/variables.share.tf
new file mode 100644
index 0000000..ed7a39e
--- /dev/null
+++ b/examples/vpc-share-files/variables.share.tf
@@ -0,0 +1,19 @@
+variable "share_organizational_unit_list" {
+ description = "List of organizaiton unit objects (label (ou name), id, enabled) to which to share resources"
+ type = list(object({
+ label = string
+ id = string,
+ enabled = optional(bool, true)
+ }))
+ default = []
+}
+
+variable "share_account_list" {
+ description = "List of account objects (alias, account_id, enabled) to which to share resoures"
+ type = list(object({
+ alias = string,
+ account_id = string,
+ enabled = optional(bool, true)
+ }))
+ default = []
+}
diff --git a/subnets/main.tf b/subnets/main.tf
index 89a10b8..f21395a 100644
--- a/subnets/main.tf
+++ b/subnets/main.tf
@@ -115,7 +115,10 @@ resource "aws_subnet" "public" {
 local.base_tags,
 var.tags,
 each.value.tags,
- { "Name" = format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label) },
+ {
+ "Name" = format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label),
+ "boc:vpc:subnet_label" = each.value.label,
+ }
 )
 }
@@ -162,6 +165,9 @@ resource "aws_subnet" "private" {
 local.base_tags,
 var.tags,
 each.value.tags,
- { "Name" = format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label) },
+ {
+ "Name" = format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label),
+ "boc:vpc:subnet_label" = each.value.label,
+ }
 )
 }
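Review bot: Both descriptions carry typos that surface in generated docs and `terraform` help output: `organizaiton` should be `organization` and `resoures` should be `resources`. The object attributes mix separator styles (`label = string` without a comma, `id = string,` and `alias = string,` with one); HCL accepts both, but the two types should use one convention. `optional(bool, true)` with a default argument needs Terraform 1.3 or newer, which nothing in this hunk pins — if the example's `required_version` is older, Terraform will reject these type constraints, so the floor is worth stating in a comment or in the version constraint.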
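Review bot: The tag key `"boc:vpc:subnet_label"` is now written as a literal in both the `aws_subnet.public` merge (this hunk) and the `aws_subnet.private` merge (the second hunk of this file), so a future rename has to be made twice and the two can drift; hoist it next to the existing `local._prefixes` as `subnet_label_tag_key = "boc:vpc:subnet_label"` and reference `(local.subnet_label_tag_key) = each.value.label` in both places. Because the new map is the last argument to `merge()`, a same-named key supplied through `var.tags` or `each.value.tags` is overridden — that mirrors how `Name` is already handled, so it is likely intentional, but a short comment such as `# module-owned tags take precedence over caller-supplied ones` would make it explicit. Both enclosing `resource` blocks begin outside the hunk.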