diff --git a/Makefile b/Makefile
index 78d09be1..6affc43a 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,8 @@ SOURCES := \
 	lambda/tea_bumper.py \
 	lambda/update_lambda.py
 
-RESOURCES := $(wildcard lambda/templates/*)
+HTML_TEMPLATES := $(wildcard lambda/templates/*.html)
+MD_TEMPLATES := $(wildcard lambda/templates/*.md)
 TERRAFORM := $(wildcard terraform/*)
 
 REQUIREMENTS_IN := $(wildcard requirements/*.in)
@@ -15,7 +16,9 @@ DIR := dist
 EMPTY := $(DIR)/empty
 # Temporary artifacts
 DIST_SOURCES := $(SOURCES:lambda/%=$(DIR)/code/%)
-DIST_RESOURCES := $(RESOURCES:lambda/%=$(DIR)/code/%)
+DIST_MD_RESOURCES := $(MD_TEMPLATES:lambda/%.md=$(DIR)/code/%.html)
+DIST_HTML_RESOURCES := $(HTML_TEMPLATES:lambda/%=$(DIR)/code/%)
+DIST_RESOURCES := $(DIST_HTML_RESOURCES) $(DIST_MD_RESOURCES)
 DIST_TERRAFORM := $(TERRAFORM:terraform/%=$(DIR)/terraform/%)
 
 BUCKET_MAP_OBJECT_KEY := DEFAULT
@@ -105,8 +108,13 @@ $(DIR)/thin-egress-app-dependencies.zip: requirements/requirements.txt $(REQUIRE
 	@mkdir -p $(DIR)/python
 	$(DOCKER_LAMBDA_CI) build/dependency_builder.sh "$(DIR)/thin-egress-app-dependencies.zip" "$(DIR)"
 
+.SECONDARY: $(DIST_MD_RESOURCES)
+$(DIST_MD_RESOURCES): $(DIR)/code/%.html: lambda/%.md $(BUILD_VENV)
+	@mkdir -p $(@D)
+	$(BUILD_VENV)/bin/python scripts/render_md.py $< --output $@
+
 .SECONDARY: $(DIST_RESOURCES)
-$(DIST_RESOURCES): $(DIR)/code/%: lambda/%
+$(DIST_HTML_RESOURCES): $(DIR)/code/%: lambda/%
 	@mkdir -p $(@D)
 	cp $< $@
 
diff --git a/cloudformation/thin-egress-app.yaml.j2 b/cloudformation/thin-egress-app.yaml.j2
index 062a2a0b..5808dc74 100644
--- a/cloudformation/thin-egress-app.yaml.j2
+++ b/cloudformation/thin-egress-app.yaml.j2
@@ -716,6 +716,16 @@ Resources:
       PathPart: 's3credentials'
       RestApiId: !Ref EgressApiGateway
 
+  EgressApiResourceS3CredentialsREADME:
+    Type: AWS::ApiGateway::Resource
+    Condition: S3CredentialsEndpointIsSet
+    DependsOn:
+      - EgressApiGateway
+    Properties:
+      ParentId: !GetAtt EgressApiGateway.RootResourceId
+      PathPart: 's3credentialsREADME'
+      RestApiId: !Ref EgressApiGateway
+
   EgressApiResourceProfile:
     Type: AWS::ApiGateway::Resource
     DependsOn:
@@ -925,6 +935,23 @@ Resources:
       ResourceId: !Ref EgressApiResourceS3Credentials
       RestApiId: !Ref EgressApiGateway
 
+  EgressAPIMethodS3CredentialsREADME:
+    Type: AWS::ApiGateway::Method
+    Condition: S3CredentialsEndpointIsSet
+    Properties:
+      ApiKeyRequired: false
+      AuthorizationType: 'NONE'
+      HttpMethod: 'GET'
+      Integration:
+        IntegrationHttpMethod: 'POST'
+        IntegrationResponses:
+          - StatusCode: 200
+        Type: 'AWS_PROXY'
+        Uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${EgressLambda.Arn}/invocations"
+      OperationName: 's3credentialsREADME view'
+      ResourceId: !Ref EgressApiResourceS3CredentialsREADME
+      RestApiId: !Ref EgressApiGateway
+
   EgressAPIMethodProfile:
     Type: AWS::ApiGateway::Method
     Properties:
diff --git a/docs/configuration.md b/docs/configuration.md
index d91667f4..3ec6e680 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1,3 +1,5 @@
+# Configuration
+
 ## Bucket Mapping
 
 At the heart of TEA is the concept of the Bucket Map. This YAML file tells TEA how to
diff --git a/docs/deploying.md b/docs/deploying.md
index 4abd8634..320ad77f 100644
--- a/docs/deploying.md
+++ b/docs/deploying.md
@@ -1,3 +1,5 @@
+# Deploying
+
 ## Quickstart
 
 You can either download [`deploy.sh`](https://github.com/asfadmin/thin-egress-app/blob/devel/build/deploy.sh)
diff --git a/docs/index.md b/docs/index.md
index 88dbafd8..7df5956c 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,4 +1,5 @@
 # Thin Egress App
+
 ## Purpose of TEA
 
 TEA is a fully Earthdata Cloud (EDC) compliant application to enable
diff --git a/docs/s3access.md b/docs/s3access.md
index 45939977..ad5d6d42 100644
--- a/docs/s3access.md
+++ b/docs/s3access.md
@@ -1,83 +1,130 @@
-## S3 Direct Access
+# S3 Direct Access
+
 *NOTE: Support for S3 direct access is currently experimental*
 
 You can retrieve temporary S3 credentials at the `/s3credentials` endpoint when
-authenticated via earthdata login. These credentials will be valid for 1 hour
+authenticated via Earthdata Login. These credentials will only be valid for
+**1 hour** due to
+[role chaining](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
 and can be used make in-region `s3:ListBucket` and `s3:GetObject` requests.
+Your code must handle expired tokens and request new ones as needed
+for sessions that exceed this 1 hour limit.
 
-### Request
-Credentials are retrieved through a `GET` request to the `/s3credentials`
-endpoint. An optional header `app-name` can be provided to include in the
-generated role session name which will show up in EMS logs.
+## Request
 
-**Params:**
-None.
+Credentials are retrieved through an HTTP `GET` request to the `/s3credentials`
+endpoint. The request must be authenticated with either a JWT token for TEA or
+by using
+[EDL Bearer Tokens](https://urs.earthdata.nasa.gov/documentation/for_users/user_token).
+Unauthenticated requests will be redirected to EDL.
 
 **Headers:**
-  - `app-name`: A string to include in the generated role session name for
-  metric reporting purposes. It is recommended to include this header when
-  making requests on users behalf from another cloud service. The generated
-  role session name is `username@app-name`.
+
+* (optional) `app-name`: An arbitrary string to include in the generated role
+  session name for metric reporting purposes. It can only contain characters
+  that are valid in a `RoleSessionName` see the
+  [AssumeRole documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters).
+  It is recommended to include this header when making requests on users behalf
+  from another cloud service. The generated role session name is
+  `username@app-name`.
 
 **Example:**
 ```python
 import requests
 
-requests.get(
+resp = requests.get(
     "https://your-tea-host/s3credentials",
     headers={"app-name": "my-application"},
     cookies={"asf-urs": "<your jwt token>"}
 )
+print(resp.json())
 ```
 
-### Response
-The response is your temporary credentials as returned by Amazon STS.
-[See the AWS Credentials reference](https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html")
+## Response
+
+The response is your temporary credentials as returned by Amazon STS. See the
+[AWS Credentials reference](https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html) for more details.
 
 **Example:**
 ```json
 {
-  "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
-  "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
-  "SessionToken": "LONGSTRINGOFCHARACTERS.../HJLgV91QJFCMlmY8slIEOjrOChLQYmzAqrb5U1ekoQAK6f86HKJFTT2dONzPgmJN9ZvW5DBwt6XUxC9HAQ0LDPEYEwbjGVKkzSNQh/",
-  "Expiration": "2021-01-27 00:50:09+00:00"
+    "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+    "SessionToken": "LONGSTRINGOFCHARACTERS.../HJLgV91QJFCMlmY8slIEOjrOChLQYmzAqrb5U1ekoQAK6f86HKJFTT2dONzPgmJN9ZvW5DBwt6XUxC9HAQ0LDPEYEwbjGVKkzSNQh/",
+    "Expiration": "2021-01-27 00:50:09+00:00"
 }
 ```
 
-### Using Temporary Credentials
-To use the credentials you must configure your AWS client with the returned
-access key, secret and token. Note that the credentials will only work in-
-region, so you will get 403 errors if you try to use them with the AWS cli.
+## Using Temporary Credentials
+
+To use the credentials you must configure your AWS SDK library with the
+returned access key, secret and token. Note that the credentials are only valid
+for in-region requests, so using them with your AWS CLI will not work! You must
+make your requests from an AWS service such as Lambda or EC2 in the same region
+as the source bucket you are pulling from. See
+[Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+for more information on how to use your temporary credentials.
 
 **Example:**
-```python
-import boto3
-import requests
 
-def get_client():
-  resp = requests.get(
-      "https://your-tea-host/s3credentials",
-      headers={"app-name": "my-application"},
-      cookies={"asf-urs": "<your jwt token>"}
-  )
-  resp.raise_for_status()
-  creds = resp.json()
-
-  return boto3.client(
-      "s3",
-      aws_access_key_id=creds["AccessKeyId"],
-      aws_secret_access_key=creds["SecretAccessKey"],
-      aws_session_token=creds["SessionToken"]
-  )
+This example lambda function uses
+[EDL Bearer Tokens](https://urs.earthdata.nasa.gov/documentation/for_users/user_token)
+to obtain s3 credentials and stream an object from one bucket to another. The
+lambda execution role will need `s3:PutObject` permissions on the destination
+bucket.
 
-```
 
-### Limits
+```python
+import boto3
+import json
+import urllib.request
+
+
+def lambda_handler(event, context):
+    # Get temporary download credentials
+    tea_url = event["CredentialsEndpoint"]
+    bearer_token = event["BearerToken"]
+    req = urllib.request.Request(
+        url=tea_url,
+        headers={"Authorization": f"Bearer {bearer_token}"}
+    )
+    with urllib.request.urlopen(req) as f:
+        creds = json.loads(f.read().decode())
+
+    # Set up separate boto3 clients for download and upload
+    download_client = boto3.client(
+        "s3",
+        aws_access_key_id=creds["AccessKeyId"],
+        aws_secret_access_key=creds["SecretAccessKey"],
+        aws_session_token=creds["SessionToken"]
+    )
+    # Lambda needs to have permission to upload to destination bucket
+    upload_client = boto3.client("s3")
+
+    # Stream from the source bucket to the destination bucket
+    resp = download_client.get_object(
+        Bucket=event["Source"]["Bucket"],
+        Key=event["Source"]["Key"],
+    )
+    upload_client.upload_fileobj(
+        resp["Body"],
+        event["Dest"]["Bucket"],
+        event["Dest"].get("Key") or event["Source"]["Key"],
+    )
+```
 
-The credentials dispensed from the `/s3credentials` endpoint are valid for
-**1 hour**. Your code must handle expired tokens and request new ones as needed
-for sessions that exceed this 1 hour limit. This is an AWS Limit is due to
-[role chaining](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html)
+The example can be invoked with an event payload as follows:
 
-These credentials will have `s3:GetObject` and `s3:ListBucket` permissions on
-the configured resources.
+```json
+{
+    "CredentialsEndpoint": "https://your-tea-host/s3credentials",
+    "BearerToken": "your bearer token",
+    "Source": {
+        "Bucket": "S3 bucket name from CMR link",
+        "Key": "S3 key from CMR link"
+    },
+    "Dest": {
+        "Bucket": "S3 bucket name to copy to"
+    }
+}
+```
diff --git a/docs/technical.md b/docs/technical.md
index c90c9feb..14eb9753 100644
--- a/docs/technical.md
+++ b/docs/technical.md
@@ -1,3 +1,5 @@
+# Technical
+
 ## System Architecture
 
 TEA is a [Python Chalice](https://github.com/aws/chalice)
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 287a15ec..936f5f19 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -1,3 +1,5 @@
+# Troubleshooting
+
 ## When things go wrong
 
 There is a lot that _can_ go wrong, but we hope that if you followed this
diff --git a/docs/vision.md b/docs/vision.md
index 6e25a84e..d594b89f 100644
--- a/docs/vision.md
+++ b/docs/vision.md
@@ -1,3 +1,5 @@
+# Vision
+
 We the **TEA**m strive to create the simplest, most reliable, most feature-rich S3
 distribution app. Our intent is not to provide EVERY feature imaginable, but to maintain the
 **THIN** core of broadly applicable features. We want to continue to engage the user
diff --git a/lambda/app.py b/lambda/app.py
index 714da6f2..18d3ee30 100644
--- a/lambda/app.py
+++ b/lambda/app.py
@@ -1032,6 +1032,12 @@ def get_s3_credentials(user_id: str, role_session_name: str, policy: dict):
     return response["Credentials"]
 
 
+@app.route('/s3credentialsREADME', methods=['GET'])
+@with_trace(context={})
+def s3credentials_readme():
+    return make_html_response({}, {}, 200, "s3credentials_readme.html")
+
+
 @app.route('/profile')
 @with_trace(context={})
 def profile():
diff --git a/lambda/templates/base.html b/lambda/templates/base.html
index 13ccc3c3..d0f6e7e8 100644
--- a/lambda/templates/base.html
+++ b/lambda/templates/base.html
@@ -28,6 +28,7 @@
                 font-size: 85%;
             }
         </style>
+        {% block head %}{% endblock %}
    </head>
 
    <body>
diff --git a/lambda/templates/s3access.md b/lambda/templates/s3access.md
new file mode 120000
index 00000000..8ab38ce0
--- /dev/null
+++ b/lambda/templates/s3access.md
@@ -0,0 +1 @@
+../../docs/s3access.md
\ No newline at end of file
diff --git a/lambda/templates/s3credentials_readme.html b/lambda/templates/s3credentials_readme.html
new file mode 100644
index 00000000..40e41038
--- /dev/null
+++ b/lambda/templates/s3credentials_readme.html
@@ -0,0 +1,99 @@
+{% extends "base.html" %}
+
+{% block pagetitle %}
+S3 Credentials Readme
+{% endblock %}
+
+{% block head %}
+<!-- Markdown style -->
+{% raw %}
+<style>
+#wrapper{color:#24292e;font-family:-apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';margin:0;text-size-adjust:100%}#wrapper aside,#wrapper article,#wrapper details,#wrapper figcaption,#wrapper figure,#wrapper footer,#wrapper header,#wrapper hgroup,#wrapper main,#wrapper menu,#wrapper nav,#wrapper section,#wrapper summary{display:block}#wrapper audio,#wrapper canvas,#wrapper progress,#wrapper video{display:inline-block;vertical-align:baseline}#wrapper audio:not([controls]){display:none;height:0}#wrapper [hidden],#wrapper template{display:none}#wrapper a{background-color:transparent}#wrapper a:active,#wrapper a:hover{outline:0}#wrapper abbr[title]{border-bottom:1px dotted}#wrapper b,#wrapper strong{font-weight:bold}#wrapper dfn{font-style:italic}#wrapper mark{background:#ff0;color:#000}#wrapper small{font-size:80%}#wrapper sub,#wrapper sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}#wrapper sup{top:-.5em}#wrapper sub{bottom:-.25em}#wrapper img{border:0}#wrapper svg:not(:root){overflow:hidden}#wrapper figure{margin:1em 40px}#wrapper hr{box-sizing:content-box;height:0}#wrapper pre{overflow:auto}#wrapper code,#wrapper kbd,#wrapper pre,#wrapper samp{font-family:monospace, monospace;font-size:1em}#wrapper button,#wrapper input,#wrapper optgroup,#wrapper select,#wrapper textarea{color:inherit;font:inherit;margin:0}#wrapper button{overflow:visible}#wrapper button,#wrapper select{text-transform:none}#wrapper button,#wrapper input[type='button'],#wrapper input[type='reset'],#wrapper input[type='submit']{-webkit-appearance:button;cursor:pointer}#wrapper button[disabled]{cursor:default}#wrapper button::-moz-focus-inner,#wrapper input::-moz-focus-inner{border:0;padding:0}#wrapper input{line-height:normal}#wrapper input[type='checkbox'],#wrapper input[type='radio']{box-sizing:border-box;padding:0}#wrapper input[type='number']::-webkit-inner-spin-button,#wrapper input[type='number']::-webkit-outer-spin-button{height:auto}#wrapper input[type='search']{-webkit-appearance:textfield;box-sizing:content-box}#wrapper input[type='search']::-webkit-search-cancel-button,#wrapper input[type='search']::-webkit-search-decoration{-webkit-appearance:none}#wrapper fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}#wrapper legend{border:0;padding:0}#wrapper textarea{overflow:auto}#wrapper optgroup{font-weight:bold}#wrapper table{border-collapse:collapse;border-spacing:0}#wrapper *{box-sizing:border-box}#wrapper input,#wrapper select,#wrapper textarea,#wrapper button{font:14px/21px -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'}#wrapper body{font:14px/21px -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';color:#333;background-color:#fff}#wrapper a{color:#4078c0;text-decoration:none}#wrapper a:hover,#wrapper a:active{text-decoration:underline}#wrapper hr,#wrapper .rule{background:transparent;border:0;border-bottom:1px solid #ddd;height:0;margin:15px 0;overflow:hidden}#wrapper hr:before,#wrapper .rule:before{content:'';display:table}#wrapper hr:after,#wrapper .rule:after{clear:both;content:'';display:table}#wrapper h1,#wrapper h2,#wrapper h3,#wrapper h4,#wrapper h5,#wrapper h6{font-weight:600;line-height:1.1;margin:24px 0 16px;padding:0}#wrapper h1,#wrapper h2{border-bottom:1px solid #eaecef}#wrapper h1{font-size:32px;line-height:40px;margin:0 0 16px;padding:0 0 9.600000381469727px}#wrapper h2{font-size:24px;line-height:30px;padding:0 0 7.199999809265137px}#wrapper h3{font-size:20px;line-height:25px}#wrapper h4{font-size:16px;line-height:20px;margin:24px 0 16px;padding:0}#wrapper h5{font-size:14px;line-height:17px}#wrapper h6{font-size:13.600000381469727px;line-height:17px}#wrapper small{font-size:90%}#wrapper blockquote{margin:0}#wrapper ol ol,#wrapper ul ol{list-style-type:lower-roman}#wrapper ul ul ol,#wrapper ul ol ol,#wrapper ol ul ol,#wrapper ol ol ol{list-style-type:lower-alpha}#wrapper dd{margin-left:0}#wrapper tt,#wrapper code,#wrapper pre{font-family:SFMono-Regular,Consolas,Liberation Mono,Menlo,Courier,monospace}#wrapper pre{background-color:#f6f8fa;border-radius:3px;font-size:85%;line-height:1.45;overflow:auto;padding:16px;margin-top:0;margin-bottom:0}#wrapper{-webkit-font-smoothing:antialiased;background:#fff;border:solid 1px #dddddd !important;border-radius:3px;color:#333;font:14px -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';line-height:1.6;padding:3px}p{margin:1em 0}a{color:#4183c4;text-decoration:none}#wrapper{background-color:#fff;font-size:16px;line-height:1.6;margin:15px;padding:30px}#wrapper>*:first-child{margin-top:0 !important}#wrapper>*:last-child{margin-bottom:0 !important}@media screen{#wrapper{border:solid 1px #ddd}}p,blockquote,ul,ol,dl,table,pre{margin-bottom:16px}hr{height:4px;padding:0;margin:16px 0;background-color:#e7e7e7;border:0 none}ul,ol{padding-left:2.8rem}ul.no-list,ol.no-list{padding:0;list-style-type:none}ul ul,ul ol{margin-top:0;margin-bottom:0}ol ol,ol ul{margin-top:0;margin-bottom:0}li>p{margin-bottom:0}li p+p{margin-top:16px}dl{padding:0}dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:700}dl dd{padding:0 16px;margin-bottom:16px}blockquote{padding:0 15px;margin-left:0;color:#777;border-left:4px solid #ddd}blockquote>:first-child{margin-top:0}blockquote>:last-child{margin-bottom:0}table{display:block;width:100%;overflow:auto}table th{font-weight:700;padding:6px 13px;border:1px solid #ddd}table td{padding:6px 13px;border:1px solid #ddd}table tr{background-color:#fff;border-top:1px solid #ccc}table tr:nth-child(2n){background-color:#f8f8f8}img{max-width:100%;-moz-box-sizing:border-box;box-sizing:border-box}span.frame{display:block;overflow:hidden}span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #ddd}span.frame span img{display:block;float:left}span.frame span span{display:block;padding:5px 0 0;clear:both;color:#333}span.align-center{display:block;overflow:hidden;clear:both}span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}span.align-center span img{margin:0 auto;text-align:center}span.align-right{display:block;overflow:hidden;clear:both}span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}span.align-right span img{margin:0;text-align:right}span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}span.float-left span{margin:13px 0 0}span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}code,tt{background-color:rgba(0,0,0,0.04);border-radius:3px;font-size:85%;margin:0;padding-bottom:.2em;padding-top:.2em;padding:0}code::before,code::after{content:'\00a0';letter-spacing:-.2em}tt:before,tt:after{content:'\00a0';letter-spacing:-.2em}code br,tt br{display:none}del code{text-decoration:inherit;vertical-align:text-top}pre>code{padding:0;margin:0;font-size:100%;white-space:pre;background:transparent;border:0}.highlight{margin-bottom:16px}.highlight pre{padding:16px;margin-bottom:0;overflow:auto;font-size:85%;line-height:1.45;background-color:#f7f7f7;border-radius:3px}pre{padding:16px;margin-bottom:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f7f7f7;border-radius:3px;word-wrap:normal}pre code,pre tt{display:inline;max-width:initial;padding:0;margin:0;overflow:initial;line-height:inherit;word-wrap:normal;background-color:transparent;border:0}pre code:before,pre code:after{content:normal}pre tt:before,pre tt:after{content:normal}.poetry pre{font-family:Georgia, Garamond, serif !important;font-style:italic;font-size:110% !important;line-height:1.6em;display:block;margin-left:1em}.poetry pre code{font-family:Georgia, Garamond, serif !important;word-break:break-all;word-break:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;hyphens:auto;white-space:pre-wrap}sup,sub,a.footnote{font-size:1.4ex;height:0;line-height:1;vertical-align:super;position:relative}sub{vertical-align:sub;top:-1px}@media print{body{background:#fff}img,table,figure{page-break-inside:avoid}#wrapper{background:#fff;border:none !important;font-size:12px}pre code{overflow:visible}}@media screen{body.inverted{border-color:#555;box-shadow:none;color:#eee !important}.inverted #wrapper,.inverted hr,.inverted p,.inverted td,.inverted li,.inverted h1,.inverted h2,.inverted h3,.inverted h4,.inverted h5,.inverted h6,.inverted th,.inverted .math,.inverted caption,.inverted dd,.inverted dt,.inverted blockquote{border-color:#555;box-shadow:none;color:#eee !important}.inverted td,.inverted th{background:#333}.inverted pre,.inverted code,.inverted tt{background:#eeeeee !important;color:#111}.inverted h2{border-color:#555555}.inverted hr{border-color:#777;border-width:1px !important}::selection{background:rgba(157,193,200,0.5)}h1::selection{background-color:rgba(45,156,208,0.3)}h2::selection{background-color:rgba(90,182,224,0.3)}h3::selection,h4::selection,h5::selection,h6::selection,li::selection,ol::selection{background-color:rgba(133,201,232,0.3)}code::selection{background-color:rgba(0,0,0,0.7);color:#eeeeee}code span::selection{background-color:rgba(0,0,0,0.7) !important;color:#eeeeee !important}a::selection{background-color:rgba(255,230,102,0.2)}.inverted a::selection{background-color:rgba(255,230,102,0.6)}td::selection,th::selection,caption::selection{background-color:rgba(180,237,95,0.5)}.inverted{background:#0b2531;background:#252a2a}.inverted #wrapper{background:#252a2a}.inverted a{color:#acd1d5}}.highlight{background:#fff}.highlight .c{color:#998;font-style:italic}.highlight .err{color:#a61717;background-color:#e3d2d2}.highlight .k,.highlight .o{font-weight:700}.highlight .cm{color:#998;font-style:italic}.highlight .cp{color:#999;font-weight:700}.highlight .c1{color:#998;font-style:italic}.highlight .cs{color:#999;font-weight:700;font-style:italic}.highlight .gd{color:#000;background-color:#fdd}.highlight .gd .x{color:#000;background-color:#faa}.highlight .ge{font-style:italic}.highlight .gr{color:#a00}.highlight .gh{color:#999}.highlight .gi{color:#000;background-color:#dfd}.highlight .gi .x{color:#000;background-color:#afa}.highlight .go{color:#888}.highlight .gp{color:#555}.highlight .gs{font-weight:700}.highlight .gu{color:purple;font-weight:700}.highlight .gt{color:#a00}.highlight .kc,.highlight .kd,.highlight .kn,.highlight .kp,.highlight .kr{font-weight:700}.highlight .kt{color:#458;font-weight:700}.highlight .m{color:#099}.highlight .s{color:#d14}.highlight .n{color:#333}.highlight .na{color:teal}.highlight .nb{color:#0086b3}.highlight .nc{color:#458;font-weight:700}.highlight .no{color:teal}.highlight .ni{color:purple}.highlight .ne,.highlight .nf{color:#900;font-weight:700}.highlight .nn{color:#555}.highlight .nt{color:navy}.highlight .nv{color:teal}.highlight .ow{font-weight:700}.highlight .w{color:#bbb}.highlight .mf,.highlight .mh,.highlight .mi,.highlight .mo{color:#099}.highlight .sb,.highlight .sc,.highlight .sd,.highlight .s2,.highlight .se,.highlight .sh,.highlight .si,.highlight .sx{color:#d14}.highlight .sr{color:#009926}.highlight .s1{color:#d14}.highlight .ss{color:#990073}.highlight .bp{color:#999}.highlight .vc,.highlight .vg,.highlight .vi{color:teal}.highlight .il{color:#099}.highlight .gc{color:#999;background-color:#EAF2F5}.type-csharp .highlight .k,.type-csharp .highlight .kt{color:blue}.type-csharp .highlight .nf{color:#000;font-weight:400}.type-csharp .highlight .nc{color:#2b91af}.type-csharp .highlight .nn{color:#000}.type-csharp .highlight .s,.type-csharp .highlight .sc{color:#a31515}.type-csharp .highlight .k,.type-csharp .highlight .kt{color:#00F}.type-csharp .highlight .nf{color:#000;font-weight:normal}.type-csharp .highlight .nc{color:#2B91AF}.type-csharp .highlight .nn{color:#000}.type-csharp .highlight .s,.type-csharp .highlight .sc{color:#A31515}body.dark #wrapper{background:transparent !important;box-shadow:none !important}kbd{background-color:#fafbfc;border:1px solid #d1d5da;border-radius:3px;box-shadow:inset 0 -1px 0 #d1d5da;color:#444d56;display:inline-block;font:11px SFMono-Regular, Consolas, Liberation Mono, Menlo, monospace;line-height:10px;padding:3px 5px;vertical-align:middle}.inverted kbd{background-color:#666;color:#fff}
+#mkreplaced-toc{list-style-position:inside;padding:0;margin:0 0 0 1rem;list-style-type:none}#mkreplaced-toc li::before{content:''}#mkreplaced-toc li{font-size:1rem;line-height:1.25;font-weight:normal}#mkreplaced-toc li ul{font-size:1.3rem;font-weight:300;padding:.5rem 0;margin:0 0 0 1rem}#mkreplaced-toc li.missing{list-style-type:none !important}#mkreplaced-toc.max-1 ul,#mkreplaced-toc.max1 ul{display:none}#mkreplaced-toc.max-2 ul ul,#mkreplaced-toc.max2 ul ul{display:none}#mkreplaced-toc.max-3 ul ul ul,#mkreplaced-toc.max3 ul ul ul{display:none}#mkreplaced-toc.max-4 ul ul ul ul,#mkreplaced-toc.max4 ul ul ul ul{display:none}#mkreplaced-toc.max-5 ul ul ul ul ul,#mkreplaced-toc.max5 ul ul ul ul ul{display:none}.mk-rtl{direction:rtl;text-align:right}body.mkkatex-number-equations{counter-reset:eqnum}body.mkkatex-number-equations .katex-display{position:relative}body.mkkatex-number-equations .katex-display::after{counter-increment:eqnum;content:"(" counter(eqnum) ")";position:absolute;left:0;top:25%}body.mkkatex-number-equations.mkkatex-number-equations-right .katex-display::after{right:0;left:auto}.mkprinting,.mkprinting #wrapper{height:auto;margin-bottom:0;padding-bottom:0}.hideProgress #generated-toc,.hideProgress #firstdiff,.hideProgress #toc-title,.hideProgress #mkdocumentprogress,.hideProgress #mkincludechart,.hideProgress #mkprogressbar1,.hideProgress #mkprogressbar2,.hideProgress b.bookmark,.hideProgress .mkscrollmeter,.hideProgress #alllinks,.hideProgress #criticnav,.hideProgress .popup,.hideProgress #progressindicator,.hideProgress #mkautoscroll,.mkprinting #generated-toc,.mkprinting #firstdiff,.mkprinting #toc-title,.mkprinting #mkdocumentprogress,.mkprinting #mkincludechart,.mkprinting #mkprogressbar1,.mkprinting #mkprogressbar2,.mkprinting b.bookmark,.mkprinting .mkscrollmeter,.mkprinting #alllinks,.mkprinting #criticnav,.mkprinting .popup,.mkprinting #progressindicator,.mkprinting #mkautoscroll{display:none !important}.hideProgress .mkstyledtag,.mkprinting .mkstyledtag{display:none}.mkcolor-grammar-error,.mkcolor-spell-error{background:none;border-bottom:none}.mkprinting.mkshowcomments .mkstyledtag{display:inline;background:#ccc;padding:3px 9px;border-radius:20px;font-size:1}@media print{body{background:white;line-height:1.4}html,body,#wrapper{-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none;-webkit-perspective:none !important;-webkit-text-size-adjust:none;border:0;box-sizing:border-box;float:none;margin:0;max-width:100%;padding:0;margin-top:0;width:auto}.critic #wrapper mark.crit{background-color:#fffd38 !important;text-decoration:none;color:#000}h1,h2,h3,h4,h5,h6{page-break-after:avoid}p,h2,h3{orphans:3;widows:3}section{page-break-before:avoid}pre>code{white-space:pre;word-break:break-word}#generated-toc,#firstdiff,#toc-title,#mkdocumentprogress,#mkincludechart,#mkprogressbar1,#mkprogressbar2,.mkscrollmeter,#alllinks,.popup{display:none !important}.suppressprintlinks a{border-bottom:none !important;color:inherit !important;cursor:default !important;text-decoration:none !important}.hrefafterlinktext #wrapper a:link:after,.hrefafterlinktext #wrapper a:visited:after{content:" (" attr(href) ") ";font-size:90%;opacity:.9}.nocodebreak pre{page-break-inside:avoid}img,table,figure{page-break-inside:avoid}.breakfootnotes .footnotes{page-break-before:always}.breakfootnotes .footnotes hr{display:none}#mktoctitle{display:block}#print-title{border-bottom:solid 1px #666;display:block}#wrapper pre{white-space:pre;white-space:pre-wrap;word-wrap:break-word}#wrapper #generated-toc-clone,#wrapper #mkreplaced-toc{display:block}.task-list .task-list-item{list-style-type:none !important}.task-list .gh-complete.task-list-item .task-list-item-checkbox:before{background:#838387;content:'\2713'}.task-list .task-list-item-checkbox{-webkit-appearance:none;position:relative}.task-list .task-list-item-checkbox:before{border:solid 1px #aaa;border-radius:2px;color:white;content:' ';display:block;font-weight:bold;height:1em;left:-20px;line-height:1;position:absolute;text-align:center;top:-.75em;width:1em}}
+#wrapper #generated-toc-clone,#wrapper #mkreplaced-toc,#wrapper #generated-toc-clone ul,#wrapper #mkreplaced-toc ul{list-style-position:inside}#wrapper #generated-toc-clone li.missing,#wrapper #mkreplaced-toc li.missing{list-style-type: none!important}#wrapper #generated-toc-clone ul,#wrapper #mkreplaced-toc ul{list-style-type: upper-roman}#wrapper #generated-toc-clone>ul>li>ul,#wrapper #mkreplaced-toc>li>ul {list-style-type: decimal}#wrapper #generated-toc-clone>ul>li>ul>li>ul,#wrapper #mkreplaced-toc>li>ul>li>ul{list-style-type: decimal-leading-zero}#wrapper #generated-toc-clone>ul>li>ul>li>ul>li>ul,#wrapper #mkreplaced-toc>li>ul>li>ul>li>ul{list-style-type: lower-greek}#wrapper #generated-toc-clone>ul>li>ul>li>ul>li>ul>li>ul,#wrapper #mkreplaced-toc>li>ul>li>ul>li>ul>li>ul{list-style-type: disc}#wrapper #generated-toc-clone>ul>li>ul>li>ul>li>ul>li>ul>li>ul,#wrapper #mkreplaced-toc>li>ul>li>ul>li>ul>li>ul>li>ul{list-style-type: square}#wrapper #generated-toc-clone,#wrapper #mkreplaced-toc{}
+</style>
+{% endraw %}
+<!-- CodeHilite style -->
+<style>
+  pre { line-height: 125%; }
+  td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+  span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+  td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+  span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+  .highlight .hll { background-color: #ffffcc }
+  .highlight { background: #f8f8f8; }
+  .highlight .c { color: #3D7B7B; font-style: italic } /* Comment */
+  .highlight .err { border: 1px solid #FF0000 } /* Error */
+  .highlight .k { color: #008000; font-weight: bold } /* Keyword */
+  .highlight .o { color: #666666 } /* Operator */
+  .highlight .ch { color: #3D7B7B; font-style: italic } /* Comment.Hashbang */
+  .highlight .cm { color: #3D7B7B; font-style: italic } /* Comment.Multiline */
+  .highlight .cp { color: #9C6500 } /* Comment.Preproc */
+  .highlight .cpf { color: #3D7B7B; font-style: italic } /* Comment.PreprocFile */
+  .highlight .c1 { color: #3D7B7B; font-style: italic } /* Comment.Single */
+  .highlight .cs { color: #3D7B7B; font-style: italic } /* Comment.Special */
+  .highlight .gd { color: #A00000 } /* Generic.Deleted */
+  .highlight .ge { font-style: italic } /* Generic.Emph */
+  .highlight .gr { color: #E40000 } /* Generic.Error */
+  .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+  .highlight .gi { color: #008400 } /* Generic.Inserted */
+  .highlight .go { color: #717171 } /* Generic.Output */
+  .highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
+  .highlight .gs { font-weight: bold } /* Generic.Strong */
+  .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+  .highlight .gt { color: #0044DD } /* Generic.Traceback */
+  .highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
+  .highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
+  .highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */
+  .highlight .kp { color: #008000 } /* Keyword.Pseudo */
+  .highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */
+  .highlight .kt { color: #B00040 } /* Keyword.Type */
+  .highlight .m { color: #666666 } /* Literal.Number */
+  .highlight .s { color: #BA2121 } /* Literal.String */
+  .highlight .na { color: #687822 } /* Name.Attribute */
+  .highlight .nb { color: #008000 } /* Name.Builtin */
+  .highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */
+  .highlight .no { color: #880000 } /* Name.Constant */
+  .highlight .nd { color: #AA22FF } /* Name.Decorator */
+  .highlight .ni { color: #717171; font-weight: bold } /* Name.Entity */
+  .highlight .ne { color: #CB3F38; font-weight: bold } /* Name.Exception */
+  .highlight .nf { color: #0000FF } /* Name.Function */
+  .highlight .nl { color: #767600 } /* Name.Label */
+  .highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */
+  .highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */
+  .highlight .nv { color: #19177C } /* Name.Variable */
+  .highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */
+  .highlight .w { color: #bbbbbb } /* Text.Whitespace */
+  .highlight .mb { color: #666666 } /* Literal.Number.Bin */
+  .highlight .mf { color: #666666 } /* Literal.Number.Float */
+  .highlight .mh { color: #666666 } /* Literal.Number.Hex */
+  .highlight .mi { color: #666666 } /* Literal.Number.Integer */
+  .highlight .mo { color: #666666 } /* Literal.Number.Oct */
+  .highlight .sa { color: #BA2121 } /* Literal.String.Affix */
+  .highlight .sb { color: #BA2121 } /* Literal.String.Backtick */
+  .highlight .sc { color: #BA2121 } /* Literal.String.Char */
+  .highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */
+  .highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
+  .highlight .s2 { color: #BA2121 } /* Literal.String.Double */
+  .highlight .se { color: #AA5D1F; font-weight: bold } /* Literal.String.Escape */
+  .highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */
+  .highlight .si { color: #A45A77; font-weight: bold } /* Literal.String.Interpol */
+  .highlight .sx { color: #008000 } /* Literal.String.Other */
+  .highlight .sr { color: #A45A77 } /* Literal.String.Regex */
+  .highlight .s1 { color: #BA2121 } /* Literal.String.Single */
+  .highlight .ss { color: #19177C } /* Literal.String.Symbol */
+  .highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */
+  .highlight .fm { color: #0000FF } /* Name.Function.Magic */
+  .highlight .vc { color: #19177C } /* Name.Variable.Class */
+  .highlight .vg { color: #19177C } /* Name.Variable.Global */
+  .highlight .vi { color: #19177C } /* Name.Variable.Instance */
+  .highlight .vm { color: #19177C } /* Name.Variable.Magic */
+  .highlight .il { color: #666666 } /* Literal.Number.Integer.Long */
+</style>
+{% endblock %}
+
+{% block content %}
+<div id="wrapper">
+{% include "s3access.html" %}
+</div>
+{% endblock %}
diff --git a/requirements/requirements-make.in b/requirements/requirements-make.in
index 7f7afbf3..67700c12 100644
--- a/requirements/requirements-make.in
+++ b/requirements/requirements-make.in
@@ -1 +1,4 @@
 jinja2
+markdown
+pygments
+pymdown-extensions
diff --git a/requirements/requirements-make.txt b/requirements/requirements-make.txt
index d9c25897..6e757c07 100644
--- a/requirements/requirements-make.txt
+++ b/requirements/requirements-make.txt
@@ -4,7 +4,19 @@
 #
 #    pip-compile requirements/requirements-make.in
 #
+importlib-metadata==5.0.0
+    # via markdown
 jinja2==3.1.2
     # via -r requirements/requirements-make.in
+markdown==3.4.1
+    # via
+    #   -r requirements/requirements-make.in
+    #   pymdown-extensions
 markupsafe==2.1.1
     # via jinja2
+pygments==2.13.0
+    # via -r requirements/requirements-make.in
+pymdown-extensions==9.7
+    # via -r requirements/requirements-make.in
+zipp==3.10.0
+    # via importlib-metadata
diff --git a/scripts/render_md.py b/scripts/render_md.py
new file mode 100644
index 00000000..4015a30d
--- /dev/null
+++ b/scripts/render_md.py
@@ -0,0 +1,34 @@
+import argparse
+from pathlib import Path
+from typing import Optional
+
+import markdown
+
+
+def render_markdown(inpath: Path, outpath: Optional[Path] = None):
+    rendered = markdown.markdown(
+        inpath.read_text(),
+        extensions=[
+            "markdown.extensions.sane_lists",
+            "markdown.extensions.tables",
+            "pymdownx.betterem",
+            "pymdownx.highlight",
+            "pymdownx.superfences",
+        ]
+    )
+    outpath = outpath or inpath.with_suffix(".html")
+    outpath.write_text(rendered)
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("input", type=Path)
+    parser.add_argument("--output", "-o", type=Path)
+
+    args = parser.parse_args()
+
+    render_markdown(args.input, args.output)
+
+
+if __name__ == "__main__":
+    main()