diff --git a/root.tf b/root.tf
index eed18f6..5a42823 100644
--- a/root.tf
+++ b/root.tf
@@ -144,7 +144,10 @@ module "upload_file_cloudfront_dirty_s3" {
   cloudfront_oai               = module.cloudfront_upload.cloudfront_oai_iam_arn
   cloudfront_distribution_arns = [module.cloudfront_upload.cloudfront_arn]
 }
-
+# This is the only module that uses the canonical user grants in the tdr-terraform-modules/s3 module
+# Grants are no longer the recommended way to grant access to a bucket. The s3 module will use the
+# canonical user grants id in the bucket policy with permissions equivalent to 'FULL_CONTROL'
+# tdr-terraform-modules/s3 module will be deprecated.
 module "upload_file_cloudfront_logs" {
   source      = "./tdr-terraform-modules/s3"
   project     = var.project
diff --git a/tdr-terraform-modules b/tdr-terraform-modules
index e4cd2c8..fa249c1 160000
--- a/tdr-terraform-modules
+++ b/tdr-terraform-modules
@@ -1 +1 @@
-Subproject commit e4cd2c84e1bc55e7c4d2876d7125ee5b81edb855
+Subproject commit fa249c11505ba2aaeed2567010b74ce41972c531