diff --git a/README.md b/README.md
index 6accb7a1..b30aaf6b 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,11 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
 
 ## Usage
 
+
+**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
+Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-s3-bucket/releases).
+
+
 ```hcl
 module "s3_bucket" {
   source                   = "git::https://github.com/cloudposse/terraform-aws-s3-bucket.git?ref=master"
@@ -86,7 +91,7 @@ Available targets:
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | enabled | Set to `false` to prevent the module from creating any resources | string | `true` | no |
 | force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | `false` | no |
-| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
 | name | Name  (e.g. `app` or `db`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
 | policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 3fe001b2..2368b9f3 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -9,7 +9,7 @@
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | enabled | Set to `false` to prevent the module from creating any resources | string | `true` | no |
 | force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | `false` | no |
-| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
 | name | Name  (e.g. `app` or `db`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
 | policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
diff --git a/main.tf b/main.tf
index 74a2bac6..cdac5e51 100644
--- a/main.tf
+++ b/main.tf
@@ -27,7 +27,7 @@ resource "aws_s3_bucket" "default" {
     rule {
       apply_server_side_encryption_by_default {
         sse_algorithm     = "${var.sse_algorithm}"
-        kms_master_key_id = "${var.kms_master_key_id}"
+        kms_master_key_id = "${var.kms_master_key_arn}"
       }
     }
   }
diff --git a/variables.tf b/variables.tf
index 958b0f8e..73422234 100644
--- a/variables.tf
+++ b/variables.tf
@@ -67,10 +67,10 @@ variable "sse_algorithm" {
   description = "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`"
 }
 
-variable "kms_master_key_id" {
+variable "kms_master_key_arn" {
   type        = "string"
   default     = ""
-  description = "The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
+  description = "The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
 }
 
 variable "enabled" {