diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index b87f9afe5..232a71d99 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -58,6 +58,8 @@ jobs:
 # First build and publish the markdown docs
 - name: Build and commit table of contents and README files back to the repo
 run: |
+ /usr/bin/git fetch origin 2.x
+ /usr/bin/git merge origin/${{ github.event.pull_request.base.ref }} --allow-unrelated-histories
 /bin/sh contribute/toc.sh
 /usr/bin/find . -name "*.md" | xargs git add
 /usr/bin/git diff --staged --quiet || /usr/bin/git commit -am "GitHub Actions - updating markdown docs - ${{ github.event.repository.updated_at }}"
diff --git a/docs/roles/aws/aws_acl.md b/docs/roles/aws/aws_acl.md
index 8cf21ccce..030a017ca 100644
--- a/docs/roles/aws/aws_acl.md
+++ b/docs/roles/aws/aws_acl.md
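Review bot: The two git commands added to the `run:` block of ce-provision-publish-docs.yml disagree about the branch they use: `git fetch origin 2.x` hard-codes it while the merge targets `origin/${{ github.event.pull_request.base.ref }}`, so for any base other than 2.x the merge may rely on a remote-tracking ref this step did not fetch. The expression is also expanded into the script text before the shell runs, and it is empty if the workflow is ever triggered by something other than a pull request (the `on:` section is outside the hunk, so that is unconfirmed). I would pass the ref through the step's `env:` as `BASE_REF` and use `/usr/bin/git fetch origin "$BASE_REF"` followed by `/usr/bin/git merge "origin/$BASE_REF" --allow-unrelated-histories`. Because this step goes on to commit into the repository, a one-line comment saying why `--allow-unrelated-histories` is needed would help the next reader; the step may continue past the end of the hunk.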
@@ -1,6 +1,31 @@
 # AWS ACL
 Creates an ACL to be attached to a CloudFront distribution or an Application Load Balancer (ALB).
+## Default variables to create WAF
+If the var is list type, it will go through the process of creating and assignng rules to WAF
+aws_acl.yml needs to be located in global or regional vars
+
+If you don't need one of the rules on the WAF, we can just remove it from the "rules"
+
+Since IP set is a thing under WAF, we have option to create, update and use existing set:
+
+IP set with a list of IPs will be marked as a thing that needs to be created/updated
+
+If its defined only with rule_name, set_name, action and priority (leaving the list empty) it will just search existing set and assign it to WAF
+
+## Default variables to Assign WAF to CF/ALB
+If the var is dict type, it will go through the process assignng WAF to CF/ALB
+aws_acl.yml needs to be located in resource vars
+
+Make sure to use "us-east-1" for CLOUDFRONT scope
+or define region where the ALB is located with REGIONAL scope
+```yaml
+---
+aws_acl:
+ name: "{{ _infra_name }}_main_acl"
+ scope: CLOUDFRONT # Can be REGIONAL for ALBs
+ region: "us-east-1"
+```
diff --git a/docs/roles/debian/gpg_key.md b/docs/roles/debian/gpg_key.md
index 66f867ba5..4bac2216c 100644
--- a/docs/roles/debian/gpg_key.md
+++ b/docs/roles/debian/gpg_key.md
@@ -8,6 +8,7 @@ Generates a passwordless GPG key for a given user or users.
 ```yaml
 ---
 gpg_key_servers:
+ - hkps://keyserver.ubuntu.com
 - hkps://pgp.mit.edu
 - hkps://keys.openpgp.org
 gpg_key:
diff --git a/roles/debian/gpg_key/README.md b/roles/debian/gpg_key/README.md
index 66f867ba5..4bac2216c 100644
--- a/roles/debian/gpg_key/README.md
+++ b/roles/debian/gpg_key/README.md
@@ -8,6 +8,7 @@ Generates a passwordless GPG key for a given user or users.
 ```yaml
 ---
 gpg_key_servers:
+ - hkps://keyserver.ubuntu.com
 - hkps://pgp.mit.edu
 - hkps://keys.openpgp.org
 gpg_key:
diff --git a/roles/debian/pam_ldap/templates/ldap.conf.j2 b/roles/debian/pam_ldap/templates/ldap.conf.j2
index a386e4868..e11941f52 100644
--- a/roles/debian/pam_ldap/templates/ldap.conf.j2
+++ b/roles/debian/pam_ldap/templates/ldap.conf.j2
@@ -1,4 +1,5 @@
 BASE {{ pam_ldap.lookup_base }}
+
 URI {{ pam_ldap.endpoints | join(' ') }}
 {% if pam_ldap.ssl_use_system_ca %}
 TLS_CACERT /etc/ssl/certs/ca-certificates.crt