diff --git a/README.md b/README.md
index 4f67930..6395ff8 100644
--- a/README.md
+++ b/README.md
@@ -98,13 +98,13 @@ module "aws-energy-labeler" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_config"></a> [config](#input\_config) | Map containing labeler configuration options | <pre>object({<br>    allowed_account_ids        = optional(list(string), [])<br>    denied_account_ids         = optional(list(string), [])<br>    frameworks                 = optional(list(string), [])<br>    log_level                  = optional(string)<br>    report_suppressed_findings = optional(bool, false)<br>    zone_name                  = string<br>  })</pre> | n/a | yes |
+| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key to use for encryption | `string` | n/a | yes |
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name of the bucket to store the exported findings (will be created if not specified) | `string` | `null` | no |
 | <a name="input_bucket_prefix"></a> [bucket\_prefix](#input\_bucket\_prefix) | The prefix to use for the bucket | `string` | `"/"` | no |
-| <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ARN of an existing ECS cluster, if not provided a new one will be created | `string` | `null` | no |
+| <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ARN of an existing ECS cluster, if left empty a new cluster will be created | `string` | `null` | no |
 | <a name="input_iam_permissions_boundary"></a> [iam\_permissions\_boundary](#input\_iam\_permissions\_boundary) | The permissions boundary to attach to the IAM role | `string` | `null` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | The path for the IAM role | `string` | `"/"` | no |
 | <a name="input_image_uri"></a> [image\_uri](#input\_image\_uri) | The URI of the container image to use | `string` | `"ghcr.io/schubergphilis/awsenergylabeler:main"` | no |
-| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key to use for encryption | `string` | `null` | no |
 | <a name="input_memory"></a> [memory](#input\_memory) | The memory size of the task | `number` | `512` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name prefix of labeler resources | `string` | `"aws-energy-labeler"` | no |
 | <a name="input_schedule_expression"></a> [schedule\_expression](#input\_schedule\_expression) | The cron expression to be used for triggering the labeler | `string` | `"cron(0 13 ? * SUN *)"` | no |
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index a07d9ce..d62d0d9 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -16,6 +16,8 @@ provider "aws" {
 module "aws-energy-labeler" {
   source = "../../"
 
+  kms_key_arn = "arn:aws:kms:eu-west-1:123456789012:key/1234abcd-12ab-34cd-56ef-123456789012"
+
   config = {
     zone_name = "MYZONE"
   }
diff --git a/main.tf b/main.tf
index 4dca27d..8d7449c 100644
--- a/main.tf
+++ b/main.tf
@@ -211,6 +211,7 @@ module "s3" {
   version = "~> 0.14.1"
 
   name_prefix = "${lower(var.name)}-"
+  kms_key_arn = var.kms_key_arn
   versioning  = true
   tags        = var.tags
 
diff --git a/variables.tf b/variables.tf
index 76108bb..0151716 100644
--- a/variables.tf
+++ b/variables.tf
@@ -28,7 +28,7 @@ variable "bucket_prefix" {
 variable "cluster_arn" {
   type        = string
   default     = null
-  description = "ARN of an existing ECS cluster, if not provided a new one will be created"
+  description = "ARN of an existing ECS cluster, if left empty a new cluster will be created"
 }
 
 variable "config" {
@@ -45,7 +45,6 @@ variable "config" {
 
 variable "kms_key_arn" {
   type        = string
-  default     = null
   description = "The ARN of the KMS key to use for encryption"
 }