diff --git a/README.md b/README.md
index dcc1fc6..f1a9b78 100644
--- a/README.md
+++ b/README.md
@@ -78,10 +78,10 @@ No modules.
| Name | Description |
|------|-------------|
+| [arn](#output\_arn) | The bucket ARN that is created. |
| [bucket](#output\_bucket) | The bucket that is created. |
-| [bucket\_arn](#output\_bucket\_arn) | The bucket ARN that is created. |
-| [bucket\_id](#output\_bucket\_id) | The bucket id that is created. |
| [default\_bucket\_policy\_document](#output\_default\_bucket\_policy\_document) | Default bucket policy document, attached to the bucket if `var.attach_default_bucket_policy=true`. |
+| [id](#output\_id) | The bucket id that is created. |
| [kms\_key\_id](#output\_kms\_key\_id) | The KMS key ID used for encrypting bucket objects. |
| [region](#output\_region) | The bucket region. |
diff --git a/examples/basic/README.md b/examples/basic/README.md
index 6627a11..528b6a6 100644
--- a/examples/basic/README.md
+++ b/examples/basic/README.md
@@ -21,6 +21,27 @@ resource "aws_kms_key" "key" {
deletion_window_in_days = 7
}
+# Optional KMS key policy.
+data "aws_caller_identity" "current" {}
+resource "aws_kms_key_policy" "key" {
+ key_id = aws_kms_key.key.id
+ policy = jsonencode({
+ Id = "example"
+ Statement = [
+ {
+ Action = "kms:*"
+ Effect = "Allow"
+ Principal = {
+ AWS = data.aws_caller_identity.current.account_id
+ }
+ Resource = "*"
+ Sid = "Enable IAM User Permissions"
+ },
+ ]
+ Version = "2012-10-17"
+ })
+}
+
#--------------------------------------------------------------------------------------
# Example
#--------------------------------------------------------------------------------------
@@ -91,7 +112,9 @@ module "example" {
| Name | Type |
|------|------|
| [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_kms_key_policy.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy) | resource |
| [random_integer.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
----
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index f4f95d2..70772e1 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -17,6 +17,27 @@ resource "aws_kms_key" "key" {
deletion_window_in_days = 7
}
+# Optional KMS key policy.
+data "aws_caller_identity" "current" {}
+resource "aws_kms_key_policy" "key" {
+ key_id = aws_kms_key.key.id
+ policy = jsonencode({
+ Id = "example"
+ Statement = [
+ {
+ Action = "kms:*"
+ Effect = "Allow"
+ Principal = {
+ AWS = data.aws_caller_identity.current.account_id
+ }
+ Resource = "*"
+ Sid = "Enable IAM User Permissions"
+ },
+ ]
+ Version = "2012-10-17"
+ })
+}
+
#--------------------------------------------------------------------------------------
# Example
#--------------------------------------------------------------------------------------
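Review bot: The added `aws_kms_key_policy.key` statement grants `kms:*` on `Resource = "*"` to the whole account, which is the same delegation as the AWS default key policy, and the comment `# Optional KMS key policy.` does not tell readers that before they copy it. With this policy any principal in the account whose IAM permissions allow KMS actions can administer the key, use it, or schedule its deletion. I would extend the comment, e.g. `# Example only: mirrors the default key policy (account root, kms:*); for real use, split key administration from key usage and name specific roles.` The principal is also a bare account id, which AWS accepts, but writing it as `"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"` is the form AWS normalizes to and makes the intent explicit. The same block is repeated in the examples/basic/README.md hunk.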
diff --git a/outputs.tf b/outputs.tf
index c0ab2bc..6755dae 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,4 +1,4 @@
-output "bucket_arn" {
+output "arn" {
description = "The bucket ARN that is created."
value = aws_s3_bucket.this.arn
}
@@ -8,7 +8,7 @@ output "bucket" {
value = aws_s3_bucket.this.bucket
}
-output "bucket_id" {
+output "id" {
description = "The bucket id that is created."
value = aws_s3_bucket.this.id
}