DOC: updated readme

modules/ManagementGovernance/acm-cert-expiry-notice/README.md

@@ -1,8 +1,6 @@
 ACM sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration [1].
 This module sets up event rule and sns notification. Deliver email notifications for expiring certificates, useful for imported certificates.
 
-[1] https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
-
 ## Notes
 * DaysToExpiry cannot be greater than 45
 
@@ -11,7 +9,7 @@ This module sets up event rule and sns notification. Deliver email notifications
 
 An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45.
 ```
-* KMS key for SNS must allow events.amazonaws.com. Check that this statement is present in the KMS key policy. Otherwise you will get FailedInvocation in event rule graph and there is no other debug info.
+* KMS key for SNS must allow events.amazonaws.com. Check that this statement is present in the KMS key policy. Otherwise you will get FailedInvocation in event rule graph and there is no other debug info. The default alias/aws/sns managed key does not allow encryption / decryption from cloudwatch or events [2].
 ```json
 {
 "Sid": "Allow publish from events",
@@ -29,7 +27,8 @@ An error occurred (ValidationException) when calling the PutAccountConfiguration
 "Resource": "*"
 }
 ```
-
+[1] https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
+[2] https://docs.gruntwork.io/discussions/knowledge-base/238/
 
 ## Sample Event bridge event
 ```json
@@ -99,4 +98,4 @@ No outputs.
  
 ---
 ## Authorship
-This module was developed by UPDATE_THIS.
+This module was developed by xpk.