diff --git a/content/master/getting-started/install-crossplane-include.md b/content/master/getting-started/install-crossplane-include.md
new file mode 100644
index 000000000..aa315962c
--- /dev/null
+++ b/content/master/getting-started/install-crossplane-include.md
@@ -0,0 +1,1198 @@ +--- +tocHidden: true +--- + +## Install Crossplane + +Crossplane installs into an existing Kubernetes cluster. + +{{< hint type="tip" >}} +If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). +{{< /hint >}} + + +### Install the Crossplane Helm chart + +Helm enables Crossplane to install all its Kubernetes components through a _Helm Chart_. + +Enable the Crossplane Helm Chart repository: + +```shell +helm repo add \ +crossplane-stable https://charts.crossplane.io/stable +helm repo update +``` + +Run the Helm dry-run to see all the Crossplane components Helm installs. + +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--dry-run --debug \ +--namespace crossplane-system \ +--create-namespace +``` +{{}} +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--dry-run --debug \ +--namespace crossplane-system \ +--create-namespace +install.go:200: [debug] Original chart version: "" +install.go:217: [debug] CHART PATH: /home/vagrant/.cache/helm/repository/crossplane-1.13.0.tgz + +NAME: crossplane +LAST DEPLOYED: Fri Jul 28 13:57:41 2023 +NAMESPACE: crossplane-system +STATUS: pending-install +REVISION: 1 +TEST SUITE: None +USER-SUPPLIED VALUES: +{} + +COMPUTED VALUES: +affinity: {} +args: [] +configuration: + packages: [] +customAnnotations: {} +customLabels: {} +deploymentStrategy: RollingUpdate +extraEnvVarsCrossplane: {} +extraEnvVarsRBACManager: {} +extraVolumeMountsCrossplane: {} +extraVolumesCrossplane: {} +hostNetwork: false +image: + pullPolicy: IfNotPresent + repository: crossplane/crossplane + tag: "" +imagePullSecrets: {} +leaderElection: true +metrics: + enabled: false +nodeSelector: {} +packageCache: + configMap: "" + medium: "" + pvc: "" + sizeLimit: 20Mi +podSecurityContextCrossplane: {} +podSecurityContextRBACManager: {} +priorityClassName: "" +provider: + packages: [] +rbacManager: + affinity: {} + args: [] + deploy: true + leaderElection: true + 
managementPolicy: Basic + nodeSelector: {} + replicas: 1 + skipAggregatedClusterRoles: false + tolerations: [] +registryCaBundleConfig: + key: "" + name: "" +replicas: 1 +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +securityContextCrossplane: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 +securityContextRBACManager: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 +serviceAccount: + customAnnotations: {} +tolerations: [] +webhooks: + enabled: true +xfn: + args: [] + cache: + configMap: "" + medium: "" + pvc: "" + sizeLimit: 1Gi + enabled: false + extraEnvVars: {} + image: + pullPolicy: IfNotPresent + repository: crossplane/xfn + tag: "" + resources: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - SETUID + - SETGID + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + seccompProfile: + type: Unconfined + +HOOKS: +MANIFEST: +--- +# Source: crossplane/templates/rbac-manager-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbac-manager + namespace: crossplane-system + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +--- +# Source: crossplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: crossplane + namespace: crossplane-system + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +--- +# Source: crossplane/templates/secret.yaml +# The reason this is created empty and filled by the init container is that it's +# mounted by the actual container, so if it wasn't created by Helm, then the +# deployment wouldn't be deployed at all with secret to mount not found error. +# In addition, Helm would delete this secret after uninstallation so the new +# installation of Crossplane would use its own certificate. +apiVersion: v1 +kind: Secret +metadata: + name: webhook-tls-secret + namespace: crossplane-system +type: Opaque +--- +# Source: crossplane/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-crossplane: "true" +--- +# Source: crossplane/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:system:aggregate-to-crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + crossplane.io/scope: "system" + rbac.crossplane.io/aggregate-to-crossplane: "true" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + 
- patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - "*" +- apiGroups: + - apiextensions.crossplane.io + - pkg.crossplane.io + - secrets.crossplane.io + resources: + - "*" + verbs: + - "*" +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - list + - create + - update + - patch + - delete + - watch +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +--- +# Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:allowed-provider-permissions + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" +--- +# Source: crossplane/templates/rbac-manager-clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-rbac-manager + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: 
crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC roles for each namespace it sees. +# These RBAC roles are controlled (in the owner reference sense) by the namespace. +# The RBAC manager needs permission to set finalizers on Namespaces in order to +# create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - "" + resources: + - namespaces/finalizers + verbs: + - update +- apiGroups: + - apiextensions.crossplane.io + resources: + - compositeresourcedefinitions + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC cluster roles for each XRD it sees. +# These cluster roles are controlled (in the owner reference sense) by the XRD. +# The RBAC manager needs permission to set finalizers on XRDs in order to +# create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - apiextensions.crossplane.io + resources: + - compositeresourcedefinitions/finalizers + verbs: + - update +- apiGroups: + - pkg.crossplane.io + resources: + - providerrevisions + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC cluster roles for each ProviderRevision +# it sees. These cluster roles are controlled (in the owner reference sense) by the +# ProviderRevision. 
The RBAC manager needs permission to set finalizers on +# ProviderRevisions in order to create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - pkg.crossplane.io + resources: + - providerrevisions/finalizers + verbs: + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - get + - list + - watch + - create + - update + - patch + # The RBAC manager may grant access it does not have. + - escalate +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - bind +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - "*" +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-admin + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-admin: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-edit + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: 
Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-edit: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-view + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-view: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-browse + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-browse: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-admin + labels: + rbac.crossplane.io/aggregate-to-admin: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: 
crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane administrators have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane administrators must create provider credential secrets, and may +# need to read or otherwise interact with connection secrets. They may also need +# to create or annotate namespaces. +- apiGroups: [""] + resources: [secrets, namespaces] + verbs: ["*"] +# Crossplane administrators have access to view the roles that they may be able +# to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterroles, roles] + verbs: [get, list, watch] +# Crossplane administrators have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterrolebindings, rolebindings] + verbs: ["*"] +# Crossplane administrators have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +# Crossplane administrators have access to view CRDs in order to debug XRDs. +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane editors have access to view events. 
+- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane editors must create provider credential secrets, and may need to +# read or otherwise interact with connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane editors may see which namespaces exist, but not edit them. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane editors have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane viewers may see which namespaces exist. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane viewers have read-only access to built in Crossplane types. 
+- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-browse + labels: + rbac.crossplane.io/aggregate-to-browse: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane browsers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane browsers have read-only access to compositions and XRDs. This +# allows them to discover and select an appropriate composition when creating a +# resource claim. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +# The below ClusterRoles are aggregated to the namespaced RBAC roles created by +# the Crossplane RBAC manager when it is running in --manage=All mode. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-admin + labels: + rbac.crossplane.io/aggregate-to-ns-admin: "true" + rbac.crossplane.io/base-of-ns-admin: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace admins have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace admins may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane namespace admins have access to view the roles that they may be +# able to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [roles] + verbs: [get, list, watch] +# Crossplane namespace admins have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-edit + labels: + rbac.crossplane.io/aggregate-to-ns-edit: "true" + rbac.crossplane.io/base-of-ns-edit: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace editors have access to view events. 
+- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace editors may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-view + labels: + rbac.crossplane.io/aggregate-to-ns-view: "true" + rbac.crossplane.io/base-of-ns-view: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane +subjects: +- kind: ServiceAccount + name: crossplane + namespace: crossplane-system +--- +# Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane-rbac-manager + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + 
app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane-rbac-manager +subjects: +- kind: ServiceAccount + name: rbac-manager + namespace: crossplane-system +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane-admin + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: crossplane:masters +--- +# Source: crossplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: crossplane-webhooks + namespace: crossplane-system + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + selector: + app: crossplane + release: crossplane + ports: + - protocol: TCP + port: 9443 + targetPort: 9443 +--- +# Source: crossplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: crossplane + namespace: crossplane-system + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + 
app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + replicas: 1 + selector: + matchLabels: + app: crossplane + release: crossplane + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + spec: + securityContext: + {} + serviceAccountName: crossplane + hostNetwork: false + initContainers: + - image: "crossplane/crossplane:v1.13.0" + args: + - core + - init + imagePullPolicy: IfNotPresent + name: crossplane-init + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.memory + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: "WEBHOOK_TLS_SECRET_NAME" + value: webhook-tls-secret + - name: "WEBHOOK_SERVICE_NAME" + value: crossplane-webhooks + - name: "WEBHOOK_SERVICE_NAMESPACE" + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "WEBHOOK_SERVICE_PORT" + value: "9443" + containers: + - image: "crossplane/crossplane:v1.13.0" + args: + - core + - start + imagePullPolicy: IfNotPresent + name: crossplane + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + ports: + - 
name: webhooks + containerPort: 9443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.memory + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: LEADER_ELECTION + value: "true" + - name: "WEBHOOK_TLS_SECRET_NAME" + value: webhook-tls-secret + - name: "WEBHOOK_TLS_CERT_DIR" + value: /webhook/tls + volumeMounts: + - mountPath: /cache + name: package-cache + - mountPath: /webhook/tls + name: webhook-tls-secret + volumes: + - name: package-cache + emptyDir: + medium: + sizeLimit: 20Mi + - name: webhook-tls-secret + secret: + # NOTE(muvaf): The tls.crt is used both by the server (requires it to + # be a single cert) and the caBundle fields of webhook configs and CRDs + # which can accept a whole bundle of certificates. In order to meet + # the requirements of both, we require a single certificate instead of + # a bundle. + # It's assumed that initializer generates this anyway, so it should be + # fine. 
+ secretName: webhook-tls-secret +--- +# Source: crossplane/templates/rbac-manager-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: crossplane-rbac-manager + namespace: crossplane-system + labels: + app: crossplane-rbac-manager + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + replicas: 1 + selector: + matchLabels: + app: crossplane-rbac-manager + release: crossplane + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: crossplane-rbac-manager + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + spec: + securityContext: + {} + serviceAccountName: rbac-manager + initContainers: + - image: "crossplane/crossplane:v1.13.0" + args: + - rbac + - init + imagePullPolicy: IfNotPresent + name: crossplane-init + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.memory + containers: + - image: "crossplane/crossplane:v1.13.0" + args: + - rbac + - start + - --manage=Basic + - --provider-clusterrole=crossplane:allowed-provider-permissions + imagePullPolicy: IfNotPresent + name: crossplane + resources: + limits: + cpu: 100m + memory: 
512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.memory + - name: LEADER_ELECTION + value: "true" + +NOTES: +Release: crossplane + +Chart Name: crossplane +Chart Description: Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume. +Chart Version: 1.13.0 +Chart Application Version: 1.13.0 + +Kube Version: v1.27.4 +``` +{{< /expand >}} + +Install the Crossplane components using `helm install`. + +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--namespace crossplane-system \ +--create-namespace +``` + +Verify Crossplane installed with `kubectl get pods`. + +```shell {copy-lines="1"} +kubectl get pods -n crossplane-system +NAME READY STATUS RESTARTS AGE +crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s +crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s +``` + +Installing Crossplane creates new Kubernetes API end-points. +Look at the new API end-points with `kubectl api-resources | grep crossplane`. 
+
+```shell {label="grep",copy-lines="1"}
+kubectl api-resources | grep crossplane
+compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition
+compositionrevisions comprev apiextensions.crossplane.io/v1 false CompositionRevision
+compositions comp apiextensions.crossplane.io/v1 false Composition
+environmentconfigs envcfg apiextensions.crossplane.io/v1alpha1 false EnvironmentConfig
+configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision
+configurations pkg.crossplane.io/v1 false Configuration
+controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig
+locks pkg.crossplane.io/v1beta1 false Lock
+providerrevisions pkg.crossplane.io/v1 false ProviderRevision
+providers pkg.crossplane.io/v1 false Provider
+storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig
+```
\ No newline at end of file
diff --git a/content/master/getting-started/provider-aws-part-2.md b/content/master/getting-started/provider-aws-part-2.md
index e604ba6da..3e069f37a 100644
--- a/content/master/getting-started/provider-aws-part-2.md
+++ b/content/master/getting-started/provider-aws-part-2.md
@@ -2,28 +2,25 @@ title: AWS Quickstart Part 2 weight: 120 tocHidden: true +aliases: + - /master/getting-started/provider-aws-part-3 --- {{< hint "important" >}} -This guide is part 2 of a series. Follow [**part 1**]({{}})** -to install Crossplane and connect your Kubernetes cluster to AWS. +This guide is part 2 of a series. + +[**Part 1**]({{}}) covers +to installing Crossplane and connect your Kubernetes cluster to AWS. -[**Part 3**]({{}})** covers patching _composite resources_ -and using Crossplane _packages_. {{< /hint >}} - -This section creates a _[Composition](#create-a-composition)_, -_[Composite Resource Definition](#define-a-composite-resource)_ and a -_[Claim](#create-a-claim)_ -to create a custom Kubernetes API to create AWS resources. - +This guide walks you through building and accessing a custom API with Crossplane. ## Prerequisites * Complete [quickstart part 1]({{}}) connecting Kubernetes to AWS. * an AWS account with permissions to create an AWS S3 storage bucket and a -DynamoDB instance + DynamoDB instance {{}} 1. Add the Crossplane Helm repository and install Crossplane 
@@ -45,9 +42,9 @@ cat <}} -## Create a composition -[Part 1]({{}}) created a single _managed resource_. -A _Composition_ is a template to create multiple _managed resources_ at the same time. - -This sample _composition_ creates an DynamoDB instance and associated S3 storage -bucket. - -{{< hint "note" >}} -This example comes from the AWS recommendation for -[storing large DynamoDB attributes in S3](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-use-s3-too.html#bp-use-s3-too-large-values). -{{< /hint >}} - -To create a _composition_, first define each individual managed resource. - -### Create an S3 bucket object -Define a `bucket` resource using the configuration from the previous section: - -```yaml -apiVersion: s3.aws.upbound.io/v1beta1 -kind: Bucket -metadata: - name: crossplane-quickstart-bucket -spec: - forProvider: - region: "us-east-2" - providerConfigRef: - name: default -``` - -### Create a DynamoDB table resource -Next, define a DynamoDB `table` resource. - -{{< hint "tip" >}} -The [Upbound Marketplace](https://marketplace.upbound.io/) provides -[schema documentation](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.27.0/resources/dynamodb.aws.upbound.io/Table/v1beta1) for a `Table` resource. -{{< /hint >}} - -The _AWS Provider_ defines the -{{}}apiVersion{{}} -and -{{}}kind{{}}. - -DynamoDB instances require a -{{}}region{{}}, -{{}}writeCapacity{{}} -and -{{}}readCapacity{{}} -parameters. - -The {{}}attribute{{}} section creates -the database "Partition key" and "Hash key." - -This example creates a single key named -{{}}S3ID{{}} of type -{{}}S{{}} for "string" -```yaml {label="dynamoMR"} -apiVersion: dynamodb.aws.upbound.io/v1beta1 -kind: Table -metadata: - name: crossplane-quickstart-database -spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID -``` - -{{< hint "note" >}} -DynamoDB specifics are beyond the scope of this guide. 
Read the -[DynamoDB Developer Guide](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html) -for more information. -{{}} - -### Create the composition object -The _composition_ combines the two resource definitions. +## Create a custom API -A -{{}}Composition{{}} comes from the -{{}}Crossplane{{}} -API resources. + +Crossplane allows you to build your own custom APIs for your users, abstracting +away details about the cloud provider and their resources. You can make your API +as complex or simple as you wish. + -Create any {{}}name{{}} for this _composition_. +The custom API is a Kubernetes object. +Here is an example custom API. -```yaml {label="compName"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition +```yaml {label="exAPI"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL metadata: - name: dynamoDBWithS3 -``` - -Add the resources to the -{{}}spec.resources{{}} -section of the _composition_. - -Give each resource a -{{}}name{{}} -and put the resource definition under the -{{}}base{{}} -key. - -```yaml {label="specResources"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamoDBWithS3 -spec: - resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - forProvider: - region: "us-east-2" - providerConfigRef: - name: default - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID + name: my-nosql-database +spec: + location: "US" ``` -Put the entire resource definition including the -{{}}apiVersion{{}} and resource -settings under the -{{}}base{{}}. - -_Compositions_ are only a template for generating resources. A _composite -resource_ actually creates the resources. 
- -A _composition_ defines what _composite resources_ can use this -template. +Like any Kubernetes object the API has a +{{}}version{{}}, +{{}}kind{{}} and +{{}}spec{{}}. -_Compositions_ do this with the -{{}}spec.compositeTypeRef{{}} -definition. - -```yaml {label="compRef"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamodb-with-bucket -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database - resources: - # Removed for Brevity -``` +### Define a group and version +To create your own API start by defining an +[API group](https://kubernetes.io/docs/reference/using-api/#api-groups) and +[version](https://kubernetes.io/docs/reference/using-api/#api-versioning). -A _composite resource_ is actually a custom Kubernetes API type you define. The -platform team controls the kind, API endpoint and version. +The _group_ can be any value, but common convention is to map to a fully +qualified domain name. - -With this {{}}spec.compositeTypeRef{{}} -Crossplane only allows _composite resources_ from the API group -{{}}custom-api.example.org{{}} -that are of -{{}}kind: database{{}} -to use this template to create resources. +The version shows how mature or stable the API is and increments when changing, +adding or removing fields in the API. -### Apply the composition -Apply the full _Composition_ to your Kubernetes cluster. - -```yaml -cat <}}database.example.com{{}}. -A _composite resource_ is a custom API defined by the platform teams. -A _composite resource definition_ defines the schema for a _composite resource_. +Since this is the first version of the API, this guide uses the version +{{}}v1alpha1{{}}. - -A _composite resource definition_ installs the custom API type into Kubernetes -and defines what `spec` keys and values are valid when calling this new custom API. - -Before creating a _composite resource_ Crossplane requires a _composite resource definition_. 
- -{{< hint "tip" >}} -_Composite resource definitions_ are also called `XRDs` for short. -{{< /hint >}} - -Just like a _composition_ the -{{}}composite resource definition{{}} -is part of the -{{}}Crossplane{{}} -API group. - -The _XRD_ {{}}name{{}} is the new -API endpoint. - -```yaml {label="xrdName"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org +```yaml {label="version",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 ``` -The _XRD's_ -{{}}spec{{}} defines the new custom -API. +### Define a kind -### Define the API endpoint and kind -First, define the new API -{{}}group{{}}. -Next, create the API {{}}kind{{}} and -{{}}plural{{}}. +The API group is a logical collection of related APIs. Within a group are +individual kinds representing different resources. -```yaml {label="xrdGroup"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org -spec: - group: custom-api.example.org - names: - kind: database - plural: databases -``` +For example a `database` group may have a `Relational` and `NoSQL` kinds. -{{}} -The _XRD_ {{}}group{{}} matches the _composition_ {{}}apiVersion{{}} and the -_XRD_ {{}}kind{{}} matches the _composition_ -{{}}kind{{}} under the {{}}compositeTypeRef{{}}. +The `kind` can be anything, but it must be +[UpperCamelCased](https://kubernetes.io/docs/contribute/style/style-guide/#use-upper-camel-case-for-api-objects). -```yaml {label="noteComp"} -kind: Composition -# Removed for brevity -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database -``` -{{< /hint >}} - -### Set the API version -In Kubernetes, all API endpoints have a version to tell the stability of the API -and track revisions. - -Apply a version to the _XRD_ with a -{{}}versions.name{{}}. -This matches the {{}}apiVersion{{}} used in the _composition's_ -{{}}compositeTypeRef{{}}. 
+This API's kind is +{{}}NoSQL{{}} -_XRDs_ require both -{{}}versions.served{{}} -and -{{}}versions.referenceable{{}}. - -```yaml {label="xrdVersion"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: custom-api-definition -spec: - group: custom-api.example.org - names: - kind: database - plural: databases - versions: - - name: v1alpha1 - served: true - referenceable: true +```yaml {label="kind",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL ``` -{{}} -For more information on defining versions in Kubernetes read the -[API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) section of the Kubernetes documentation. -{{< /hint >}} - -### Create the API schema -With an API endpoint named, now define the API schema, or what's allowed -inside the `spec` of the new Kubernetes object. +### Define a spec -{{< hint "note" >}} -_XRDs_ follow the Kubernetes -[_custom resource definition_ rules for schemas](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema). -{{}} +The most important part of an API is the schema. The schema defines the inputs +accepted from users. -Place the API -{{< hover label="xrdSchema" line="8" >}}schema{{}} -under the -{{< hover label="xrdSchema" line="7" >}}version.name{{}} +This API allows users to provide a +{{}}location{{}} of where to run their +cloud resources. -The _XRD_ type defines the next lines. They're always the same. +All other resource settings can't be configurable by the users. This allows +Crossplane to enforce any policies and standards without worrying about +user errors. - - -{{< hover label="xrdSchema" line="9" >}}openAPIV3Schema{{}} specifies -how the schema gets validated. 
- - -Next, the entire API is an -{{< hover label="xrdSchema" line="10" >}}object{{}} -with a -{{< hover label="xrdSchema" line="11" >}}property{{}} of -{{< hover label="xrdSchema" line="12" >}}spec{{}}. - -The -{{< hover label="xrdSchema" line="12" >}}spec{{}} is also an -{{< hover label="xrdSchema" line="13" >}}object{{}} with -{{< hover label="xrdSchema" line="14" >}}properties{{}}. - -```yaml {label="xrdSchema"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - # Removed for brevity - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: +```yaml {label="spec",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL +spec: + location: "US" ``` -{{< hint "tip" >}} -An _XRD_ is a Kubernetes _custom resource definition_. -For more information on the values allowed in the _XRD_ view the _XRD_ object with -`kubectl describe crd compositeresourcedefinitions` -{{< /hint >}} +### Apply the API -Now, define the custom API. Your custom API continues under the last -{{}}properties{{}} definition in the -previous example. - -This custom API has only one setting: - -* {{}}region{{}} - where to deploy -the resources, a choice of "EU" or "US" - - -Users can't change any other settings of the S3 bucket or DynamoDB instance. - -The{{}}region{{}} -is a {{}}string{{}} -and can match the regular expression that's -{{}}oneOf{{}} -{{}}EU{{}} -or -{{}}US{{}}. - -This API requires the setting -{{}}region{{}}. - - -```yaml {label="customAPI"} -# Removed for brevity -# schema.openAPIV3Schema.type.properties.spec -properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' -required: - - region -``` +Crossplane uses +{{}}Composite Resource Definitions{{}} +(also called an `XRD`) to install your custom API in +Kubernetes. 
-### Enable claims to the API -Allow a _claim_ to use this _XRD_ by defining the _claim_ API endpoint under the _XRD_ -{{}}spec{{< /hover >}}. +The XRD {{}}spec{{}} contains all the +information about the API including the +{{}}group{{}}, +{{}}version{{}}, +{{}}kind{{}} and +{{}}schema{{}}. -```yaml {label="XRDclaim"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: -# Removed for brevity - claimNames: - kind: customDatabase - plural: customDatabases -``` +The XRD's {{}}name{{}} must be the +combination of the {{}}plural{{}} and +{{}}group{{}}. -{{}} -The [Claims](#create-a-claim) section later in this guide discusses _claims_. -{{< /hint >}} +The {{}}schema{{}} uses the +{{}}OpenAPIv3{{}} specification to define +the API {{}}spec{{}}. -### Apply the composite resource definition -Apply the complete _XRD_ to your Kubernetes cluster. +The API defines a {{}}location{{}} that +must be {{}}oneOf{{}} either +{{}}EU{{}} or +{{}}US{{}}. +Apply this XRD to create the custom API in your Kubernetes cluster. -```yaml +```yaml {label="xrd",copy-lines="all"} cat <}}claimNames{{}} allows users +to access this API either at the cluster level with the +{{}}nosql{{}} endpoint or in a namespace +with the +{{}}nosqlclaim{{}} endpoint. -```shell {copy-lines="1",label="getXRD"} -kubectl get xrd -NAME ESTABLISHED OFFERED AGE -databases.custom-api.example.org True True 9s -``` +The namespace scoped API is a Crossplane _Claim_. +{{}} +For more details on the fields and options of Composite Resource Definitions +read the +[XRD documentation]({{}}). +{{< /hint >}} -## Create a composite resource -Creating an _XRD_ allows the creation _composite resources_. - -_Composite resources_ are a convenient way to create multiple resources with a standard template. +View the installed XRD with `kubectl get xrd`. -A _composite resource_ uses the custom API created in the _XRD_. 
+```shell {copy-lines="1"} +kubectl get xrd +NAME ESTABLISHED OFFERED AGE +nosqls.database.example.com True True 2s +``` -Looking at part of the _XRD_: +View the new custom API endpoints with `kubectl api-resources | grep nosql` -```yaml {label="xrdSnip"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - group: custom-api.example.org - names: - kind: database -# Removed for brevity - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' +```shell {copy-lines="1",label="apiRes"} +kubectl api-resources | grep nosql +nosqlclaim database.example.com/v1alpha1 true NoSQLClaim +nosqls database.example.com/v1alpha1 false NoSQL ``` -The _XRD_ {{}}group{{}} -becomes the _composite resource_ -{{}}apiVersion{{}}. +## Create a deployment template -The _XRD_ {{}}kind{{}} -is the _composite resource_ -{{}}kind{{}} +When users access the custom API Crossplane takes their inputs and combines them +with a template describing what infrastructure to deploy. Crossplane calls this +template a _Composition_. -The _XRD_ API {{}}spec{{}} defines the -_composite resource_ {{}}spec{{}}. +The {{}}Composition{{}} defines all the +cloud resources to deploy. +Each entry in the template +is a full resource definitions, defining all the resource settings and metadata +like labels and annotations. -The _XRD_ {{}}properties{{}} section -defines the options for the _composite resource_ -{{}}spec{{}}. +This template creates an AWS +{{}}S3{{}} +{{}}Bucket{{}} and a +{{}}DynamoDB{{}} +{{}}Table{{}}. -The one option is {{}}region{{}} and it -can be either {{}}EU{{}} or -{{}}US{{}}. +Crossplane uses {{}}patches{{}} to apply +the user's input to the resource template. +This Composition takes the user's +{{}}location{{}} input and uses it as the +{{}}region{{}} used in the individual +resource. -This _composite resource_ uses -{{}}region: US{{}}. 
- -### Apply the composite resource +Apply this Composition to your cluster. -Apply the composite resource to the Kubernetes cluster. - -```yaml {label="xr"} +```yaml {label="comp",copy-lines="all"} cat <}}compositeTypeRef{{}} defines +which custom APIs can use this template to create resources. -```shell {copy-lines="1"} -kubectl get composite -NAME SYNCED READY COMPOSITION AGE -my-composite-resource True True dynamo-with-bucket 31s -``` +{{}} +Read the [Composition documentation]({{}}) for +more information on configuring Compositions and all the available options. -The output mentions the _composite_ template that the _composite resource_ used. +Read the +[Patch and Transform documentation]({{}}) +for more information on how Crossplane uses patches to map user inputs to +Composition resource templates. +{{< /hint >}} -Now look at the S3 `bucket` and DynmoDB `table` _managed resources_ with -`kubectl get bucket` and `kubectl get table`. +View the Composition with `kubectl get composition` ```shell {copy-lines="1"} -kubectl get bucket -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-8b6tx True True my-composite-resource-8b6tx 56s +kubectl get composition +NAME XR-KIND XR-APIVERSION AGE +dynamo-with-bucket NoSQL database.example.com/v1alpha1 3s ``` -```shell {copy-lines="1"} -kubectl get table -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-m6vk6 True True my-composite-resource-m6vk6 59s +## Install the DynamoDB Provider + +Part 1 only installed the AWS S3 Provider. Deploying a DynamoDB Table requires +the DynamoDB Provider as well. + +Add the new Provider to the cluster. + +```yaml +cat <}}NoSQL{{}} object to create the +cloud resources. + +```yaml {copy-lines="all",label="xr"} cat <}} -There may a delay in deleting the _managed resources_. Crossplane is making API -calls to AWS and waits for AWS to confirm they deleted the resources before -updating the state in Kubernetes. -{{}} - -Now only one bucket and table exist. 
+Delete the resources with `kubectl delete nosql`. ```shell {copy-lines="1"} -kubectl get bucket -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-8b6tx True True my-composite-resource-8b6tx 7m34s +kubectl delete nosql my-nosql-database +nosql.database.example.com "my-nosql-database" deleted ``` -```shell {copy-lines="1"} -kubectl get table -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-m6vk6 True True my-composite-resource-m6vk6 7m37s -``` +Verify Crossplane deleted the resources with `kubectl get managed` -Delete the second _composite resource_ to remove the last `bucket` and `table` -_managed resources_. +{{}} +It may take up to 5 minutes to delete the resources. +{{< /hint >}} -```shell -kubectl delete composite my-composite-resource +```shell {copy-lines="1"} +kubectl get managed +No resources found ``` -_Composite resources_ are great for creating multiple related resources against -a template, but all _composite resources_ exist at the Kubernetes "cluster -level." There's no isolation between _composite resources_. Crossplane uses -_claims_ to create resources with namespace isolation. +## Using the API with namespaces -## Create a claim +Accessing the API `nosql` happens at the cluster scope. +Most organizations +isolate their users into namespaces. -_Claims_, just like _composite resources_ use the custom API defined in the -_XRD_. Unlike a _composite resource_, Crossplane can create _claims_ in a -namespace. +A Crossplane _Claim_ is the custom API within a namespace. -### Create a new Kubernetes namespace -Create a new namespace with `kubectl create namespace`. - -```shell -kubectl create namespace test -``` +Creating a _Claim_ is just like accessing the custom API endpoint, but with the +{{}}kind{{}} +from the custom API's `claimNames`. -A _claim_ uses the same {{}}group{{}} -a _composite resource_ uses but a different -{{}}kind{{}}. +Create a new namespace to test create a Claim in. 
-```yaml {label="XRDclaim2"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: -# Removed for brevity - group: custom-api.example.org - claimNames: - kind: custom-database - plural: custom-databases +```shell +kubectl create namespace crossplane-test ``` -Like the _composite resource_, create a new object with the -{{}}custom-api.example.org{{}} API -endpoint. - -The _XRD_ -{{}}ClaimNames.kind{{}} defines the -{{}}kind{{}}. - -The {{}}spec{{}} uses the same -API options as the _composite resource_. +Then create a Claim in the `crossplane-test` namespace. -### Apply the claim -Apply the _claim_ to your Kubernetes cluster. - -```yaml {label="claim"} +```yaml {label="claim",copy-lines="all"} cat <}} +It may take up to 5 minutes to delete the resources. +{{< /hint >}} -### Delete the claims -Removing the _claims_ removes the _composite resources_ and the associated -_managed resources_. +Verify Crossplane deleted the composite resource with `kubectl get composite`. -```shell -kubectl delete claim claimed-database -n test -kubectl delete claim claimed-database -n test2 +```shell {copy-lines="1"} +kubectl get composite +No resources found ``` -Verify Crossplane removed all the _managed resources_. +Verify Crossplane deleted the managed resources with `kubectl get managed`. -```shell -kubectl get bucket -kubectl get table -``` - -Claims are powerful tools to give users resources in their own isolated -namespace. But these examples haven't shown how the custom API can change -the settings defined in the _composition_. This _composition patching_ applies -the API settings when creating resources. -[Part 3]({{< ref "provider-aws-part-3">}}) of this guide covers _composition -patches_ and making all this configuration portable in Crossplane _packages_. - -## Next steps -* [**Continue to part 3**]({{< ref "provider-aws-part-3">}}) to create a learn - about _patching_ resources and creating Crossplane _packages_. 
-* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
-* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors.
\ No newline at end of file
+```shell {copy-lines="1"}
+kubectl get managed
+No resources found
+```
\ No newline at end of file
diff --git a/content/master/getting-started/provider-aws-part-3.md b/content/master/getting-started/provider-aws-part-3.md
deleted file mode 100644
index 47f14649b..000000000
--- a/content/master/getting-started/provider-aws-part-3.md
+++ /dev/null
@@ -1,652 +0,0 @@ ---- -title: AWS Quickstart Part 3 -weight: 120 -tocHidden: true ---- - -{{< hint "important" >}} -This guide is part 3 of a series. - -Follow [**part 1**]({{}}) -to install Crossplane and connect your Kubernetes cluster to AWS. - -Follow [**part 2**]({{}}) to create a _composition_, -_custom resource definition_ and a _claim_. -{{< /hint >}} - -[Part 2]({{}}) created a _composite resource -definition_ to define the schema of the custom API. Users create a _claim_ to -use the custom API and apply their options. Part 2 didn't show how the options -set in a _claim_ change or get applied the associated _composite resources_. - -## Prerequisites -* Complete quickstart [part 1]({{}}) and - [Part 2]({{}}) to install Crossplane and the quickstart - configurations. - -{{}} -1. Add the Crossplane Helm repository and install Crossplane -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update - -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -2. When the Crossplane pods finish installing and are ready, apply the AWS Provider - -```yaml {label="provider",copy-lines="all"} -cat < -aws_secret_access_key = -``` - -4. Create a Kubernetes secret from the AWS keys -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic aws-secret \ --n crossplane-system \ ---from-file=creds=./aws-credentials.txt -``` - -5. Create a _ProviderConfig_ -```yaml {label="providerconfig",copy-lines="all"} -cat <}} - -## Enable composition patches -In a _composition_ `patches` map fields in the custom API to fields inside the -_managed resources_. - -The _composition_ has two _managed resources_, a -{{}}bucket{{}} and a -{{}}table{{}}. 
- -```yaml {label="compResources"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -# Removed for Brevity -resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - forProvider: - region: "us-east-2" - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID -``` - -The custom API defined a single option, -{{}}region{{}}. A -{{}}region{{}} can be either -{{}}EU{{}} or -{{}}US{{}}. - - -```yaml {label="xrdSnip"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - group: custom-api.example.org - names: - kind: database -# Removed for brevity - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' -``` - -Creating a _composition_ `patch` allows Crossplane to update the settings of the -_composite resource_. Patches apply to the individual _managed resources_ -inside the _composition_. - -A {{}}patch{{}} has a -{{}}fromField{{}} and a -{{}}toField{{}} specifying which value -_from_ the custom API should apply _to_ the _managed resource_. -Patches can create a -{{}}transform{{}} to change the _from_ -field before it's applied. - -The transform -{{}}type{{}} is what kind of change to -make on the _from_ field. Types of changes could include appending a string, -preforming a math operation or mapping one value to another. - -Applying a {{}}patch{{}} to the -{{}}Bucket{{}} uses the custom API -{{}}region{{}} to use as the _managed resource_ -{{}}region{{}}. - - -The custom API value "EU" is -{{}}mapped{{}} to the value "eu-north-1" -and "US" is {{}}mapped{{}} to the value -"us-east-2." 
- - - -```yaml {label="patch"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -# Removed for Brevity -resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - spec: - forProvider: - region: "us-east-2" - patches: - - fromFieldPath: "region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-2" -``` - -Patching is a powerful tool enabling simpler or abstracted APIs. A developer -isn't required to know the specific AWS region identifier, only the abstracted -option of "EU" or "US." - - -### Apply the updated composition -Apply the same `patch` to the `Table` _managed resource_ and apply the updated -_composition_. - -```yaml -cat <}}region{{}} to "EU." - -```yaml {label="claim"} -cat < -Using {{}}region: "EU"{{}} patches the -_composite resource_, updating the AWS region from `us-east-2` to `eu-north-1`. -The developer creating the claim isn't required to know which specific AWS -region or the naming conventions. Using the abstract API options of "EU" or "US" -the developer places their resources in the desired location. - - -Deleting the claim removes the _managed resources_. - -{{}} -The _managed resources_ take up to 5 minutes to delete. -{{< /hint >}} - -```shell -kubectl delete claim claimed-eu-database -n test -``` - -## Create a Crossplane configuration package - -Crossplane _configuration packages_ allow users to combine their _custom -resource definition_ and _composition_ files into an OCI image. - -{{< hint "note" >}} -The [Open Container Initiative](https://opencontainers.org/faq/) -defines the OCI image standard. -An OCI images is a standard way to package data. -{{< /hint >}} - -You can host configuration packages in image registries like -[Docker Hub](https://hub.docker.com/) or the -[Upbound Marketplace](https://marketplace.upbound.io/). - -Crossplane can download and install configuration packages into a Kubernetes -cluster. 
- -Creating a configuration package makes your Crossplane custom APIs portable -and versioned. - -Building and installing configuration packages requires an OCI image compatible -tool. - -{{< hint "note" >}} -You can use any software that builds OCI images. This includes -[Docker](https://www.docker.com/) or -[Upbound's Up CLI)](https://github.com/upbound/up). -{{< /hint >}} - -A configuration package includes three files: -* `crossplane.yaml` defines the metadata of the package. -* `definition.yaml` is the _composite resource definition_ for the package. -* `composition.yaml` is the _composition_ template for the package. - - - -### Create a crossplane.yaml file - -Configuration packages describe their contents and requirements with a -`crossplane.yaml` file. - -The `crossplane.yaml` file lists the required Crossplane _providers_ and their -compatible versions as well as the required Crossplane version. - -The Crossplane -{{}}meta.pkg{{}} API defines the schema -for a -{{}}Configuration{{}}. - -Inside the {{}}spec{{}} define the -required Crossplane -{{}}version{{}}. - -The {{}}dependsOn{{}} section lists the -dependencies for a package. - -This package lists the Upbound -{{}}provider-aws{{}} -version {{}}0.27.0{{}} or later as a -dependency. - -{{}} -Crossplane automatically installs dependencies. Dependencies can include other -configuration packages. -{{< /hint >}} - -```yaml {label="xpyaml"} -apiVersion: meta.pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: crossplane-aws-quickstart -spec: - crossplane: - version: ">=v1.11.0" - dependsOn: - - provider: xpkg.upbound.io/upbound/provider-aws - version: ">=v0.27.0" -``` - -Create a new directory and save the `crossplane.yaml` file. 
- -```yaml -mkdir crossplane-aws-quickstart -cat < crossplane-aws-quickstart/crossplane.yaml -apiVersion: meta.pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: crossplane-aws-quickstart -spec: - crossplane: - version: ">=v1.11.0" - dependsOn: - - provider: xpkg.upbound.io/upbound/provider-aws - version: ">=v0.27.0" -EOF -``` - - - -### Create a definition.yaml file - - -A configuration package requires a _composite resource definition_ (XRD) to define the -custom API. - -Save the _XRD_ as `definition.yaml` in the same directory as the -`crossplane.yaml` file. - -```yaml -cat < crossplane-aws-quickstart/definition.yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org -spec: - group: custom-api.example.org - names: - kind: database - plural: databases - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' - required: - - region - claimNames: - kind: custom-database - plural: custom-databases -EOF -``` - - - -### Create a composition.yaml file - - -The _composition_ template creates the _managed resources_ and allows _patches_ -to customize the _managed resources_. - -Copy the _composition_ into the `composition.yaml` file in the same directory as -`crossplane.yaml`. 
- -```yaml -cat < crossplane-aws-quickstart/composition.yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamo-with-bucket -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database - resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - providerConfigRef: - name: default - patches: - - fromFieldPath: "spec.region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-1" - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID - patches: - - fromFieldPath: "spec.region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-1" -EOF -``` - -### Install the Crossplane command-line -To build a configuration package install the Crossplane Kubernetes command-line -extension. - -```shell -curl "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" -./install.sh -sudo mv kubectl-crossplane /usr/bin -``` - -Verify the Crossplane command-line installed with `kubectl crossplane --help` - -```shell -kubectl crossplane --help -Usage: kubectl crossplane - -A command line tool for interacting with Crossplane. - -Flags: - -h, --help Show context-sensitive help. - -v, --version Print version and quit. - --verbose Print verbose logging statements. -# Ouptut removed for brevity -``` - -### Build a configuration package - -Use the `kubectl crossplane` command to create an `.xpkg` file containing the -custom APIs and Crossplane configuration. 
- -```shell -kubectl crossplane build configuration -f crossplane-aws-quickstart/ --name="crossplane-aws-quickstart" -``` - -Now an `.xpkg` OCI image is inside the `crossplane-aws-quickstart` directory. - -```shell -ls crossplane-aws-quickstart/ -composition.yaml crossplane-aws-quickstart.xpkg crossplane.yaml definition.yaml -``` - -## Next steps -* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors. -* Read more about [Crossplane concepts]({{}}) \ No newline at end of file diff --git a/content/master/getting-started/provider-aws.md b/content/master/getting-started/provider-aws.md index e5e47a415..4bf4b783f 100644 --- a/content/master/getting-started/provider-aws.md +++ b/content/master/getting-started/provider-aws.md 
@@ -3,1092 +3,97 @@ title: AWS Quickstart weight: 100 --- -Connect Crossplane to AWS to create and manage cloud resources from Kubernetes with the [Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-aws). +Connect Crossplane to AWS to create and manage cloud resources from Kubernetes +with the +[Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v0.37.0). -This guide is in three parts: +This guide is in two parts: * Part 1 walks through installing Crossplane, configuring the provider to authenticate to AWS and creating a _Managed Resource_ in AWS directly from your Kubernetes cluster. This shows Crossplane can communicate with AWS. -* [Part 2]({{< ref "provider-aws-part-2" >}}) creates a -_Composite Resource Definition_ (XRD), _Composite Resource_ (XR) and a _Claim_ -(XRC) to show how to create and use custom APIs. -* [Part 3]({{< ref "provider-aws-part-3" >}}) demonstrates how to patch -_Compositions_ with values used in a _Claim_ and how to build a Crossplane -_Package_. +* [Part 2]({{< ref "provider-aws-part-2" >}}) shows how to build and access a + custom API with Crossplane. + ## Prerequisites This quickstart requires: -* a Kubernetes cluster with at least 6 GB of RAM +* a Kubernetes cluster with at least 2 GB of RAM * permissions to create pods and secrets in the Kubernetes cluster * [Helm](https://helm.sh/) version v3.2.0 or later * an AWS account with permissions to create an S3 storage bucket * AWS [access keys](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) -## Install Crossplane - -Crossplane installs into an existing Kubernetes cluster. - -{{< hint type="tip" >}} -If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). -{{< /hint >}} - - -### Install the Crossplane Helm chart - -Helm enables Crossplane to install all its Kubernetes components through a _Helm Chart_. 
- -Enable the Crossplane Helm Chart repository: - -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update -``` - -Run the Helm dry-run to see all the Crossplane components Helm installs. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -``` -{{}} -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -install.go:193: [debug] Original chart version: "" -install.go:210: [debug] CHART PATH: /home/vagrant/.cache/helm/repository/crossplane-1.10.1.tgz - -NAME: crossplane -LAST DEPLOYED: Thu Jan 19 15:52:08 2023 -NAMESPACE: crossplane-system -STATUS: pending-install -REVISION: 1 -TEST SUITE: None -USER-SUPPLIED VALUES: -{} - -COMPUTED VALUES: -affinity: {} -args: {} -configuration: - packages: [] -customAnnotations: {} -customLabels: {} -deploymentStrategy: RollingUpdate -extraEnvVarsCrossplane: {} -extraEnvVarsRBACManager: {} -image: - pullPolicy: IfNotPresent - repository: crossplane/crossplane - tag: v1.10.1 -imagePullSecrets: {} -leaderElection: true -metrics: - enabled: false -nodeSelector: {} -packageCache: - medium: "" - pvc: "" - sizeLimit: 5Mi -podSecurityContextCrossplane: {} -podSecurityContextRBACManager: {} -priorityClassName: "" -provider: - packages: [] -rbacManager: - affinity: {} - args: {} - deploy: true - leaderElection: true - managementPolicy: All - nodeSelector: {} - replicas: 1 - skipAggregatedClusterRoles: false - tolerations: {} -registryCaBundleConfig: {} -replicas: 1 -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -securityContextCrossplane: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -securityContextRBACManager: 
- allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -serviceAccount: - customAnnotations: {} -tolerations: {} -webhooks: - enabled: false - -HOOKS: -MANIFEST: ---- -# Source: crossplane/templates/rbac-manager-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" ---- -# Source: crossplane/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-crossplane: "true" ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:system:aggregate-to-crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: 
cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - crossplane.io/scope: "system" - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - - services - verbs: - - "*" -- apiGroups: - - apiextensions.crossplane.io - - pkg.crossplane.io - - secrets.crossplane.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - patch - - delete - - watch -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:allowed-provider-permissions - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" ---- -# 
Source: crossplane/templates/rbac-manager-clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - roles - verbs: - - get - - list - - watch - - create - - update - - patch - # The RBAC manager may grant access it does not have. 
- - escalate -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-admin: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-edit - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-edit: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-view - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - 
app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-view: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-browse - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-browse: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-admin - labels: - rbac.crossplane.io/aggregate-to-admin: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane administrators have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane administrators must create provider credential secrets, and may -# need to read or otherwise interact with connection secrets. They may also need -# to create or annotate namespaces. -- apiGroups: [""] - resources: [secrets, namespaces] - verbs: ["*"] -# Crossplane administrators have access to view the roles that they may be able -# to grant to other subjects. 
-- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterroles, roles] - verbs: [get, list, watch] -# Crossplane administrators have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterrolebindings, rolebindings] - verbs: ["*"] -# Crossplane administrators have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -# Crossplane administrators have access to view CRDs in order to debug XRDs. -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane editors must create provider credential secrets, and may need to -# read or otherwise interact with connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane editors may see which namespaces exist, but not edit them. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane editors have full access to built in Crossplane types. 
-- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane viewers may see which namespaces exist. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane viewers have read-only access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-browse - labels: - rbac.crossplane.io/aggregate-to-browse: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane browsers have access to view events. 
-- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane browsers have read-only access to compositions and XRDs. This -# allows them to discover and select an appropriate composition when creating a -# resource claim. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -# The below ClusterRoles are aggregated to the namespaced RBAC roles created by -# the Crossplane RBAC manager when it is running in --manage=All mode. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-admin - labels: - rbac.crossplane.io/aggregate-to-ns-admin: "true" - rbac.crossplane.io/base-of-ns-admin: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace admins have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace admins may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane namespace admins have access to view the roles that they may be -# able to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [roles] - verbs: [get, list, watch] -# Crossplane namespace admins have access to grant the access they have to other -# subjects. 
-- apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-edit - labels: - rbac.crossplane.io/aggregate-to-ns-edit: "true" - rbac.crossplane.io/base-of-ns-edit: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace editors may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-view - labels: - rbac.crossplane.io/aggregate-to-ns-view: "true" - rbac.crossplane.io/base-of-ns-view: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace viewers have access to view events. 
-- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane -subjects: -- kind: ServiceAccount - name: crossplane - namespace: crossplane-system ---- -# Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-rbac-manager -subjects: -- kind: ServiceAccount - name: rbac-manager - namespace: crossplane-system ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 
crossplane-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: crossplane:masters ---- -# Source: crossplane/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - spec: - securityContext: - {} - serviceAccountName: crossplane - initContainers: - - image: crossplane/crossplane:v1.10.1 - args: - - core - - init - imagePullPolicy: IfNotPresent - name: crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - containers: - - image: crossplane/crossplane:v1.10.1 - args: - - core - - start - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 
65532 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LEADER_ELECTION - value: "true" - volumeMounts: - - mountPath: /cache - name: package-cache - volumes: - - name: package-cache - emptyDir: - medium: - sizeLimit: 5Mi ---- -# Source: crossplane/templates/rbac-manager-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane-rbac-manager - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - spec: - securityContext: - {} - serviceAccountName: rbac-manager - initContainers: - - image: crossplane/crossplane:v1.10.1 - args: - - rbac - - init - imagePullPolicy: IfNotPresent - name: crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - containers: - - image: crossplane/crossplane:v1.10.1 - args: - - rbac - - start - - --manage=All - - --provider-clusterrole=crossplane:allowed-provider-permissions - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m 
- memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: LEADER_ELECTION - value: "true" - -NOTES: -Release: crossplane - -Chart Name: crossplane -Chart Description: Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume. -Chart Version: 1.10.1 -Chart Application Version: 1.10.1 - -Kube Version: v1.24.9 -``` -{{< /expand >}} - -Install the Crossplane components using `helm install`. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -Verify Crossplane installed with `kubectl get pods`. - -```shell {copy-lines="1"} -kubectl get pods -n crossplane-system -NAME READY STATUS RESTARTS AGE -crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s -crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s -``` - -Installing Crossplane creates new Kubernetes API end-points. Look at the new API end-points with `kubectl api-resources | grep crossplane`. 
- -```shell {label="grep",copy-lines="1"} -kubectl api-resources | grep crossplane -compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition -compositionrevisions apiextensions.crossplane.io/v1alpha1 false CompositionRevision -compositions apiextensions.crossplane.io/v1 false Composition -configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision -configurations pkg.crossplane.io/v1 false Configuration -controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig -locks pkg.crossplane.io/v1beta1 false Lock -providerrevisions pkg.crossplane.io/v1 false ProviderRevision -providers pkg.crossplane.io/v1 false Provider -storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig -``` +{{}} ## Install the AWS provider -Install the provider into the Kubernetes cluster with a Kubernetes configuration file. +Install the AWS S3 provider into the Kubernetes cluster with a Kubernetes +configuration file. ```yaml {label="provider",copy-lines="all"} cat <}}Provider{{}} Custom Resource Definition tells Kubernetes how to -connect to the provider. +The Crossplane {{< hover label="provider" line="3" >}}Provider{{}} +installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing AWS S3 +services. These CRDs allow you to create AWS resources directly inside +Kubernetes. Verify the provider installed with `kubectl get providers`. -{{< hint type="note" >}} -It may take up to five minutes for the provider to list `HEALTHY` as `True`. 
-{{< /hint >}} -```shell {copy-lines="1"} +```shell {copy-lines="1",label="getProvider"} kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -upbound-provider-aws True True xpkg.upbound.io/upbound/provider-aws:v0.27.0 12m +NAME INSTALLED HEALTHY PACKAGE AGE +provider-aws-s3 True True xpkg.upbound.io/upbound/provider-aws-s3:v0.37.0 2m53s +upbound-provider-family-aws True True xpkg.upbound.io/upbound/provider-family-aws:v0.37.0 2m48s ``` -A provider installs their own Kubernetes _Custom Resource Definitions_ (CRDs). These CRDs allow you to create AWS resources directly inside Kubernetes. +The S3 Provider installs a second Provider, the +{{}}upbound-provider-family-aws{{}}. +The family provider manages authentication to AWS across all AWS family +Providers. -You can view the new CRDs with `kubectl get crds`. Every CRD maps to a unique AWS service Crossplane can provision and manage. +You can view the new CRDs with `kubectl get crds`. +Every CRD maps to a unique AWS service Crossplane can provision and manage. {{< hint type="tip" >}} -See details about all the supported CRDs in the [Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). +See details about all the supported CRDs in the +[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.37.0). {{< /hint >}} ## Create a Kubernetes secret for AWS -The provider requires credentials to create and manage AWS resources. Providers use a Kubernetes _Secret_ to connect the credentials to the provider. +The provider requires credentials to create and manage AWS resources. +Providers use a Kubernetes _Secret_ to connect the credentials to the provider. -First generate a Kubernetes _Secret_ from your AWS key-pair and then configure the Provider to use it. - -{{< hint type="note" >}} -Other authentication methods exist and are beyond the scope of this guide. 
The [Provider documentation](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/docs/configuration) contains information on alternative authentication methods. -{{< /hint >}} +Generate a Kubernetes _Secret_ from your AWS key-pair and +then configure the Provider to use it. ### Generate an AWS key-pair file For basic user authentication, use an AWS Access keys key-pair file. {{< hint type="tip" >}} -The [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) provides information on how to generate AWS Access keys. +The [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) +provides information on how to generate AWS Access keys. {{< /hint >}} Create a text file containing the AWS account `aws_access_key_id` and `aws_secret_access_key`. +{{< editCode >}} ```ini {copy-lines="all"} [default] -aws_access_key_id = -aws_secret_access_key = +aws_access_key_id = $@$@ +aws_secret_access_key = $@$@ ``` +{{< /editCode >}} Save this text file as `aws-credentials.txt`. 
@@ -1097,7 +102,13 @@ The [Configuration](https://marketplace.upbound.io/providers/upbound/provider-aw {{< /hint >}} ### Create a Kubernetes secret with the AWS credentials -A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}aws-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. +A Kubernetes generic secret has a name and contents. +Use +{{< hover label="kube-create-secret" line="1">}}kubectl create secret{{}} +to generate the secret object named +{{< hover label="kube-create-secret" line="2">}}aws-secret{{< /hover >}} +in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. + Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}aws-credentials.txt{{< /hover >}} file. ```shell {label="kube-create-secret",copy-lines="all"} 
@@ -1128,9 +139,12 @@ creds: 114 bytes ``` ## Create a ProviderConfig -A `ProviderConfig` customizes the settings of the AWS Provider. +A {{< hover label="providerconfig" line="3">}}ProviderConfig{{}} +customizes the settings of the AWS Provider. -Apply the {{< hover label="providerconfig" line="2">}}ProviderConfig{{}} with the command: +Apply the +{{< hover label="providerconfig" line="3">}}ProviderConfig{{}} +with the this Kubernetes configuration file: ```yaml {label="providerconfig",copy-lines="all"} cat <}}secretRef{{}}. +This attaches the AWS credentials, saved as a Kubernetes secret, as a +{{< hover label="providerconfig" line="9">}}secretRef{{}}. -The {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the AWS credentials in the {{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. +The +{{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} +value is the name of the Kubernetes secret containing the AWS credentials in the +{{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. ## Create a managed resource -A _managed resource_ is anything Crossplane creates and manages outside of the Kubernetes cluster. This creates an AWS S3 bucket with Crossplane. The S3 bucket is a _managed resource_. +A _managed resource_ is anything Crossplane creates and manages outside of the +Kubernetes cluster. + +This guide creates an AWS S3 bucket with Crossplane. + +The S3 bucket is a _managed resource_. {{< hint type="note" >}} AWS S3 bucket names must be globally unique. To generate a unique name the example uses a random hash. 
@@ -1175,13 +198,20 @@ spec: EOF ``` -The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and {{< hover label="xr" line="4">}}kind{{}} are from the provider's CRDs. +The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and +{{< hover label="xr" line="4">}}kind{{}} are from the provider's CRDs. + +The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the +name of the created S3 bucket in AWS. +This example uses the generated name `crossplane-bucket-` in the +{{< hover label="xr" line="6">}}$bucket{{}} variable. -The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the name of the created S3 bucket in AWS. -This example uses the generated name `crossplane-bucket-` in the {{< hover label="xr" line="6">}}`$bucket`{{}} variable. +The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells +AWS which AWS region to use when deploying resources. -The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells AWS which AWS region to use when deploying resources. The region can be any [AWS Regional endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) code. +The region can be any +[AWS Regional endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) code. Use `kubectl get buckets` to verify Crossplane created the bucket. 
@@ -1207,6 +237,9 @@ bucket.s3.aws.upbound.io "crossplane-bucket-45eed4ae0" deleted ``` ## Next steps -* [**Continue to part 2**]({{< ref "provider-aws-part-2">}})** to create a Crossplane _Composite Resource_ and _Claim_. -* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors. \ No newline at end of file +* [**Continue to part 2**]({{< ref "provider-aws-part-2">}}) to create a + Crossplane _Composite Resource_ and _Claim_. +* Explore AWS resources that Crossplane can configure in the + [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). +* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with + Crossplane users and contributors. \ No newline at end of file diff --git a/content/v1.13/getting-started/install-crossplane-include.md b/content/v1.13/getting-started/install-crossplane-include.md new file mode 100644 index 000000000..aa315962c --- /dev/null +++ b/content/v1.13/getting-started/install-crossplane-include.md 
@@ -0,0 +1,1198 @@ +--- +tocHidden: true +--- + +## Install Crossplane + +Crossplane installs into an existing Kubernetes cluster. + +{{< hint type="tip" >}} +If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). +{{< /hint >}} + + +### Install the Crossplane Helm chart + +Helm enables Crossplane to install all its Kubernetes components through a _Helm Chart_. + +Enable the Crossplane Helm Chart repository: + +```shell +helm repo add \ +crossplane-stable https://charts.crossplane.io/stable +helm repo update +``` + +Run the Helm dry-run to see all the Crossplane components Helm installs. + +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--dry-run --debug \ +--namespace crossplane-system \ +--create-namespace +``` +{{}} +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--dry-run --debug \ +--namespace crossplane-system \ +--create-namespace +install.go:200: [debug] Original chart version: "" +install.go:217: [debug] CHART PATH: /home/vagrant/.cache/helm/repository/crossplane-1.13.0.tgz + +NAME: crossplane +LAST DEPLOYED: Fri Jul 28 13:57:41 2023 +NAMESPACE: crossplane-system +STATUS: pending-install +REVISION: 1 +TEST SUITE: None +USER-SUPPLIED VALUES: +{} + +COMPUTED VALUES: +affinity: {} +args: [] +configuration: + packages: [] +customAnnotations: {} +customLabels: {} +deploymentStrategy: RollingUpdate +extraEnvVarsCrossplane: {} +extraEnvVarsRBACManager: {} +extraVolumeMountsCrossplane: {} +extraVolumesCrossplane: {} +hostNetwork: false +image: + pullPolicy: IfNotPresent + repository: crossplane/crossplane + tag: "" +imagePullSecrets: {} +leaderElection: true +metrics: + enabled: false +nodeSelector: {} +packageCache: + configMap: "" + medium: "" + pvc: "" + sizeLimit: 20Mi +podSecurityContextCrossplane: {} +podSecurityContextRBACManager: {} +priorityClassName: "" +provider: + packages: [] +rbacManager: + affinity: {} + args: [] + deploy: true + leaderElection: true + 
managementPolicy: Basic + nodeSelector: {} + replicas: 1 + skipAggregatedClusterRoles: false + tolerations: [] +registryCaBundleConfig: + key: "" + name: "" +replicas: 1 +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +securityContextCrossplane: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 +securityContextRBACManager: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 +serviceAccount: + customAnnotations: {} +tolerations: [] +webhooks: + enabled: true +xfn: + args: [] + cache: + configMap: "" + medium: "" + pvc: "" + sizeLimit: 1Gi + enabled: false + extraEnvVars: {} + image: + pullPolicy: IfNotPresent + repository: crossplane/xfn + tag: "" + resources: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - SETUID + - SETGID + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + seccompProfile: + type: Unconfined + +HOOKS: +MANIFEST: +--- +# Source: crossplane/templates/rbac-manager-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbac-manager + namespace: crossplane-system + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +--- +# Source: crossplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: crossplane + namespace: crossplane-system + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +--- +# Source: crossplane/templates/secret.yaml +# The reason this is created empty and filled by the init container is that it's +# mounted by the actual container, so if it wasn't created by Helm, then the +# deployment wouldn't be deployed at all with secret to mount not found error. +# In addition, Helm would delete this secret after uninstallation so the new +# installation of Crossplane would use its own certificate. +apiVersion: v1 +kind: Secret +metadata: + name: webhook-tls-secret + namespace: crossplane-system +type: Opaque +--- +# Source: crossplane/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-crossplane: "true" +--- +# Source: crossplane/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:system:aggregate-to-crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + crossplane.io/scope: "system" + rbac.crossplane.io/aggregate-to-crossplane: "true" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + 
- patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - "*" +- apiGroups: + - apiextensions.crossplane.io + - pkg.crossplane.io + - secrets.crossplane.io + resources: + - "*" + verbs: + - "*" +- apiGroups: + - extensions + - apps + resources: + - deployments + verbs: + - get + - list + - create + - update + - patch + - delete + - watch +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +--- +# Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:allowed-provider-permissions + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" +--- +# Source: crossplane/templates/rbac-manager-clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-rbac-manager + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: 
crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC roles for each namespace it sees. +# These RBAC roles are controlled (in the owner reference sense) by the namespace. +# The RBAC manager needs permission to set finalizers on Namespaces in order to +# create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - "" + resources: + - namespaces/finalizers + verbs: + - update +- apiGroups: + - apiextensions.crossplane.io + resources: + - compositeresourcedefinitions + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC cluster roles for each XRD it sees. +# These cluster roles are controlled (in the owner reference sense) by the XRD. +# The RBAC manager needs permission to set finalizers on XRDs in order to +# create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - apiextensions.crossplane.io + resources: + - compositeresourcedefinitions/finalizers + verbs: + - update +- apiGroups: + - pkg.crossplane.io + resources: + - providerrevisions + verbs: + - get + - list + - watch +# The RBAC manager creates a series of RBAC cluster roles for each ProviderRevision +# it sees. These cluster roles are controlled (in the owner reference sense) by the +# ProviderRevision. 
The RBAC manager needs permission to set finalizers on +# ProviderRevisions in order to create resources that block their deletion when the +# OwnerReferencesPermissionEnforcement admission controller is enabled. +# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement +- apiGroups: + - pkg.crossplane.io + resources: + - providerrevisions/finalizers + verbs: + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - roles + verbs: + - get + - list + - watch + - create + - update + - patch + # The RBAC manager may grant access it does not have. + - escalate +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - bind +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - "*" +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - create + - update + - patch + - watch + - delete +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-admin + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-admin: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-edit + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: 
Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-edit: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-view + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-view: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane-browse + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-browse: "true" +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-admin + labels: + rbac.crossplane.io/aggregate-to-admin: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: 
crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane administrators have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane administrators must create provider credential secrets, and may +# need to read or otherwise interact with connection secrets. They may also need +# to create or annotate namespaces. +- apiGroups: [""] + resources: [secrets, namespaces] + verbs: ["*"] +# Crossplane administrators have access to view the roles that they may be able +# to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterroles, roles] + verbs: [get, list, watch] +# Crossplane administrators have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterrolebindings, rolebindings] + verbs: ["*"] +# Crossplane administrators have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +# Crossplane administrators have access to view CRDs in order to debug XRDs. +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane editors have access to view events. 
+- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane editors must create provider credential secrets, and may need to +# read or otherwise interact with connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane editors may see which namespaces exist, but not edit them. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane editors have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane viewers may see which namespaces exist. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane viewers have read-only access to built in Crossplane types. 
+- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +- apiGroups: + - pkg.crossplane.io + resources: [locks, providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-browse + labels: + rbac.crossplane.io/aggregate-to-browse: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane browsers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane browsers have read-only access to compositions and XRDs. This +# allows them to discover and select an appropriate composition when creating a +# resource claim. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +# The below ClusterRoles are aggregated to the namespaced RBAC roles created by +# the Crossplane RBAC manager when it is running in --manage=All mode. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-admin + labels: + rbac.crossplane.io/aggregate-to-ns-admin: "true" + rbac.crossplane.io/base-of-ns-admin: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace admins have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace admins may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane namespace admins have access to view the roles that they may be +# able to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [roles] + verbs: [get, list, watch] +# Crossplane namespace admins have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-edit + labels: + rbac.crossplane.io/aggregate-to-ns-edit: "true" + rbac.crossplane.io/base-of-ns-edit: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace editors have access to view events. 
+- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace editors may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: crossplane:aggregate-to-ns-view + labels: + rbac.crossplane.io/aggregate-to-ns-view: "true" + rbac.crossplane.io/base-of-ns-view: "true" + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +rules: +# Crossplane namespace viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +--- +# Source: crossplane/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane +subjects: +- kind: ServiceAccount + name: crossplane + namespace: crossplane-system +--- +# Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane-rbac-manager + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + 
app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane-rbac-manager +subjects: +- kind: ServiceAccount + name: rbac-manager + namespace: crossplane-system +--- +# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: crossplane-admin + labels: + app: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: crossplane:masters +--- +# Source: crossplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: crossplane-webhooks + namespace: crossplane-system + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + selector: + app: crossplane + release: crossplane + ports: + - protocol: TCP + port: 9443 + targetPort: 9443 +--- +# Source: crossplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: crossplane + namespace: crossplane-system + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + 
app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + replicas: 1 + selector: + matchLabels: + app: crossplane + release: crossplane + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: crossplane + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + spec: + securityContext: + {} + serviceAccountName: crossplane + hostNetwork: false + initContainers: + - image: "crossplane/crossplane:v1.13.0" + args: + - core + - init + imagePullPolicy: IfNotPresent + name: crossplane-init + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.memory + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: "WEBHOOK_TLS_SECRET_NAME" + value: webhook-tls-secret + - name: "WEBHOOK_SERVICE_NAME" + value: crossplane-webhooks + - name: "WEBHOOK_SERVICE_NAMESPACE" + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "WEBHOOK_SERVICE_PORT" + value: "9443" + containers: + - image: "crossplane/crossplane:v1.13.0" + args: + - core + - start + imagePullPolicy: IfNotPresent + name: crossplane + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + ports: + - 
name: webhooks + containerPort: 9443 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.memory + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: LEADER_ELECTION + value: "true" + - name: "WEBHOOK_TLS_SECRET_NAME" + value: webhook-tls-secret + - name: "WEBHOOK_TLS_CERT_DIR" + value: /webhook/tls + volumeMounts: + - mountPath: /cache + name: package-cache + - mountPath: /webhook/tls + name: webhook-tls-secret + volumes: + - name: package-cache + emptyDir: + medium: + sizeLimit: 20Mi + - name: webhook-tls-secret + secret: + # NOTE(muvaf): The tls.crt is used both by the server (requires it to + # be a single cert) and the caBundle fields of webhook configs and CRDs + # which can accept a whole bundle of certificates. In order to meet + # the requirements of both, we require a single certificate instead of + # a bundle. + # It's assumed that initializer generates this anyway, so it should be + # fine. 
+ secretName: webhook-tls-secret +--- +# Source: crossplane/templates/rbac-manager-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: crossplane-rbac-manager + namespace: crossplane-system + labels: + app: crossplane-rbac-manager + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" +spec: + replicas: 1 + selector: + matchLabels: + app: crossplane-rbac-manager + release: crossplane + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: crossplane-rbac-manager + release: crossplane + helm.sh/chart: crossplane-1.13.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cloud-infrastructure-controller + app.kubernetes.io/part-of: crossplane + app.kubernetes.io/name: crossplane + app.kubernetes.io/instance: crossplane + app.kubernetes.io/version: "1.13.0" + spec: + securityContext: + {} + serviceAccountName: rbac-manager + initContainers: + - image: "crossplane/crossplane:v1.13.0" + args: + - rbac + - init + imagePullPolicy: IfNotPresent + name: crossplane-init + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane-init + resource: limits.memory + containers: + - image: "crossplane/crossplane:v1.13.0" + args: + - rbac + - start + - --manage=Basic + - --provider-clusterrole=crossplane:allowed-provider-permissions + imagePullPolicy: IfNotPresent + name: crossplane + resources: + limits: + cpu: 100m + memory: 
512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsUser: 65532 + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: crossplane + resource: limits.memory + - name: LEADER_ELECTION + value: "true" + +NOTES: +Release: crossplane + +Chart Name: crossplane +Chart Description: Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume. +Chart Version: 1.13.0 +Chart Application Version: 1.13.0 + +Kube Version: v1.27.4 +``` +{{< /expand >}} + +Install the Crossplane components using `helm install`. + +```shell +helm install crossplane \ +crossplane-stable/crossplane \ +--namespace crossplane-system \ +--create-namespace +``` + +Verify Crossplane installed with `kubectl get pods`. + +```shell {copy-lines="1"} +kubectl get pods -n crossplane-system +NAME READY STATUS RESTARTS AGE +crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s +crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s +``` + +Installing Crossplane creates new Kubernetes API end-points. +Look at the new API end-points with `kubectl api-resources | grep crossplane`. 
+ +```shell {label="grep",copy-lines="1"} +kubectl api-resources | grep crossplane +compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition +compositionrevisions comprev apiextensions.crossplane.io/v1 false CompositionRevision +compositions comp apiextensions.crossplane.io/v1 false Composition +environmentconfigs envcfg apiextensions.crossplane.io/v1alpha1 false EnvironmentConfig +configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision +configurations pkg.crossplane.io/v1 false Configuration +controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig +locks pkg.crossplane.io/v1beta1 false Lock +providerrevisions pkg.crossplane.io/v1 false ProviderRevision +providers pkg.crossplane.io/v1 false Provider +storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig +``` \ No newline at end of file diff --git a/content/v1.13/getting-started/provider-aws-part-2.md b/content/v1.13/getting-started/provider-aws-part-2.md index e604ba6da..e94f9ef7b 100644 --- a/content/v1.13/getting-started/provider-aws-part-2.md +++ b/content/v1.13/getting-started/provider-aws-part-2.md 
@@ -2,28 +2,25 @@ title: AWS Quickstart Part 2 weight: 120 tocHidden: true +aliases: + - /v1.13/getting-started/provider-aws-part-3 --- {{< hint "important" >}} -This guide is part 2 of a series. Follow [**part 1**]({{}})** -to install Crossplane and connect your Kubernetes cluster to AWS. +This guide is part 2 of a series. + +[**Part 1**]({{}}) covers +to installing Crossplane and connect your Kubernetes cluster to AWS. -[**Part 3**]({{}})** covers patching _composite resources_ -and using Crossplane _packages_. {{< /hint >}} - -This section creates a _[Composition](#create-a-composition)_, -_[Composite Resource Definition](#define-a-composite-resource)_ and a -_[Claim](#create-a-claim)_ -to create a custom Kubernetes API to create AWS resources. - +This guide walks you through building and accessing a custom API with Crossplane. ## Prerequisites * Complete [quickstart part 1]({{}}) connecting Kubernetes to AWS. * an AWS account with permissions to create an AWS S3 storage bucket and a -DynamoDB instance + DynamoDB instance {{}} 1. Add the Crossplane Helm repository and install Crossplane 
@@ -45,9 +42,9 @@ cat <}} -## Create a composition -[Part 1]({{}}) created a single _managed resource_. -A _Composition_ is a template to create multiple _managed resources_ at the same time. - -This sample _composition_ creates an DynamoDB instance and associated S3 storage -bucket. - -{{< hint "note" >}} -This example comes from the AWS recommendation for -[storing large DynamoDB attributes in S3](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-use-s3-too.html#bp-use-s3-too-large-values). -{{< /hint >}} - -To create a _composition_, first define each individual managed resource. - -### Create an S3 bucket object -Define a `bucket` resource using the configuration from the previous section: - -```yaml -apiVersion: s3.aws.upbound.io/v1beta1 -kind: Bucket -metadata: - name: crossplane-quickstart-bucket -spec: - forProvider: - region: "us-east-2" - providerConfigRef: - name: default -``` - -### Create a DynamoDB table resource -Next, define a DynamoDB `table` resource. - -{{< hint "tip" >}} -The [Upbound Marketplace](https://marketplace.upbound.io/) provides -[schema documentation](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.27.0/resources/dynamodb.aws.upbound.io/Table/v1beta1) for a `Table` resource. -{{< /hint >}} - -The _AWS Provider_ defines the -{{}}apiVersion{{}} -and -{{}}kind{{}}. - -DynamoDB instances require a -{{}}region{{}}, -{{}}writeCapacity{{}} -and -{{}}readCapacity{{}} -parameters. - -The {{}}attribute{{}} section creates -the database "Partition key" and "Hash key." - -This example creates a single key named -{{}}S3ID{{}} of type -{{}}S{{}} for "string" -```yaml {label="dynamoMR"} -apiVersion: dynamodb.aws.upbound.io/v1beta1 -kind: Table -metadata: - name: crossplane-quickstart-database -spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID -``` - -{{< hint "note" >}} -DynamoDB specifics are beyond the scope of this guide. 
Read the -[DynamoDB Developer Guide](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html) -for more information. -{{}} - -### Create the composition object -The _composition_ combines the two resource definitions. +## Create a custom API -A -{{}}Composition{{}} comes from the -{{}}Crossplane{{}} -API resources. + +Crossplane allows you to build your own custom APIs for your users, abstracting +away details about the cloud provider and their resources. You can make your API +as complex or simple as you wish. + -Create any {{}}name{{}} for this _composition_. +The custom API is a Kubernetes object. +Here is an example custom API. -```yaml {label="compName"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition +```yaml {label="exAPI"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL metadata: - name: dynamoDBWithS3 -``` - -Add the resources to the -{{}}spec.resources{{}} -section of the _composition_. - -Give each resource a -{{}}name{{}} -and put the resource definition under the -{{}}base{{}} -key. - -```yaml {label="specResources"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamoDBWithS3 -spec: - resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - forProvider: - region: "us-east-2" - providerConfigRef: - name: default - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID + name: my-nosql-database +spec: + location: "US" ``` -Put the entire resource definition including the -{{}}apiVersion{{}} and resource -settings under the -{{}}base{{}}. - -_Compositions_ are only a template for generating resources. A _composite -resource_ actually creates the resources. 
- -A _composition_ defines what _composite resources_ can use this -template. +Like any Kubernetes object the API has a +{{}}version{{}}, +{{}}kind{{}} and +{{}}spec{{}}. -_Compositions_ do this with the -{{}}spec.compositeTypeRef{{}} -definition. - -```yaml {label="compRef"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamodb-with-bucket -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database - resources: - # Removed for Brevity -``` +### Define a group and version +To create your own API start by defining an +[API group](https://kubernetes.io/docs/reference/using-api/#api-groups) and +[version](https://kubernetes.io/docs/reference/using-api/#api-versioning). -A _composite resource_ is actually a custom Kubernetes API type you define. The -platform team controls the kind, API endpoint and version. +The _group_ can be any value, but common convention is to map to a fully +qualified domain name. - -With this {{}}spec.compositeTypeRef{{}} -Crossplane only allows _composite resources_ from the API group -{{}}custom-api.example.org{{}} -that are of -{{}}kind: database{{}} -to use this template to create resources. +The version shows how mature or stable the API is and increments when changing, +adding or removing fields in the API. -### Apply the composition -Apply the full _Composition_ to your Kubernetes cluster. - -```yaml -cat <}}database.example.com{{}}. -A _composite resource_ is a custom API defined by the platform teams. -A _composite resource definition_ defines the schema for a _composite resource_. +Since this is the first version of the API, this guide uses the version +{{}}v1alpha1{{}}. - -A _composite resource definition_ installs the custom API type into Kubernetes -and defines what `spec` keys and values are valid when calling this new custom API. - -Before creating a _composite resource_ Crossplane requires a _composite resource definition_. 
- -{{< hint "tip" >}} -_Composite resource definitions_ are also called `XRDs` for short. -{{< /hint >}} - -Just like a _composition_ the -{{}}composite resource definition{{}} -is part of the -{{}}Crossplane{{}} -API group. - -The _XRD_ {{}}name{{}} is the new -API endpoint. - -```yaml {label="xrdName"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org +```yaml {label="version",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 ``` -The _XRD's_ -{{}}spec{{}} defines the new custom -API. +### Define a kind -### Define the API endpoint and kind -First, define the new API -{{}}group{{}}. -Next, create the API {{}}kind{{}} and -{{}}plural{{}}. +The API group is a logical collection of related APIs. Within a group are +individual kinds representing different resources. -```yaml {label="xrdGroup"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org -spec: - group: custom-api.example.org - names: - kind: database - plural: databases -``` +For example a `database` group may have a `Relational` and `NoSQL` kinds. -{{}} -The _XRD_ {{}}group{{}} matches the _composition_ {{}}apiVersion{{}} and the -_XRD_ {{}}kind{{}} matches the _composition_ -{{}}kind{{}} under the {{}}compositeTypeRef{{}}. +The `kind` can be anything, but it must be +[UpperCamelCased](https://kubernetes.io/docs/contribute/style/style-guide/#use-upper-camel-case-for-api-objects). -```yaml {label="noteComp"} -kind: Composition -# Removed for brevity -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database -``` -{{< /hint >}} - -### Set the API version -In Kubernetes, all API endpoints have a version to tell the stability of the API -and track revisions. - -Apply a version to the _XRD_ with a -{{}}versions.name{{}}. -This matches the {{}}apiVersion{{}} used in the _composition's_ -{{}}compositeTypeRef{{}}. 
+This API's kind is +{{}}NoSQL{{}} -_XRDs_ require both -{{}}versions.served{{}} -and -{{}}versions.referenceable{{}}. - -```yaml {label="xrdVersion"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: custom-api-definition -spec: - group: custom-api.example.org - names: - kind: database - plural: databases - versions: - - name: v1alpha1 - served: true - referenceable: true +```yaml {label="kind",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL ``` -{{}} -For more information on defining versions in Kubernetes read the -[API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) section of the Kubernetes documentation. -{{< /hint >}} - -### Create the API schema -With an API endpoint named, now define the API schema, or what's allowed -inside the `spec` of the new Kubernetes object. +### Define a spec -{{< hint "note" >}} -_XRDs_ follow the Kubernetes -[_custom resource definition_ rules for schemas](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema). -{{}} +The most important part of an API is the schema. The schema defines the inputs +accepted from users. -Place the API -{{< hover label="xrdSchema" line="8" >}}schema{{}} -under the -{{< hover label="xrdSchema" line="7" >}}version.name{{}} +This API allows users to provide a +{{}}location{{}} of where to run their +cloud resources. -The _XRD_ type defines the next lines. They're always the same. +All other resource settings can't be configurable by the users. This allows +Crossplane to enforce any policies and standards without worrying about +user errors. - - -{{< hover label="xrdSchema" line="9" >}}openAPIV3Schema{{}} specifies -how the schema gets validated. 
- - -Next, the entire API is an -{{< hover label="xrdSchema" line="10" >}}object{{}} -with a -{{< hover label="xrdSchema" line="11" >}}property{{}} of -{{< hover label="xrdSchema" line="12" >}}spec{{}}. - -The -{{< hover label="xrdSchema" line="12" >}}spec{{}} is also an -{{< hover label="xrdSchema" line="13" >}}object{{}} with -{{< hover label="xrdSchema" line="14" >}}properties{{}}. - -```yaml {label="xrdSchema"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - # Removed for brevity - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: +```yaml {label="spec",copy-lines="none"} +apiVersion: database.example.com/v1alpha1 +kind: NoSQL +spec: + location: "US" ``` -{{< hint "tip" >}} -An _XRD_ is a Kubernetes _custom resource definition_. -For more information on the values allowed in the _XRD_ view the _XRD_ object with -`kubectl describe crd compositeresourcedefinitions` -{{< /hint >}} +### Apply the API -Now, define the custom API. Your custom API continues under the last -{{}}properties{{}} definition in the -previous example. - -This custom API has only one setting: - -* {{}}region{{}} - where to deploy -the resources, a choice of "EU" or "US" - - -Users can't change any other settings of the S3 bucket or DynamoDB instance. - -The{{}}region{{}} -is a {{}}string{{}} -and can match the regular expression that's -{{}}oneOf{{}} -{{}}EU{{}} -or -{{}}US{{}}. - -This API requires the setting -{{}}region{{}}. - - -```yaml {label="customAPI"} -# Removed for brevity -# schema.openAPIV3Schema.type.properties.spec -properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' -required: - - region -``` +Crossplane uses +{{}}Composite Resource Definitions{{}} +(also called an `XRD`) to install your custom API in +Kubernetes. 
-### Enable claims to the API -Allow a _claim_ to use this _XRD_ by defining the _claim_ API endpoint under the _XRD_ -{{}}spec{{< /hover >}}. +The XRD {{}}spec{{}} contains all the +information about the API including the +{{}}group{{}}, +{{}}version{{}}, +{{}}kind{{}} and +{{}}schema{{}}. -```yaml {label="XRDclaim"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: -# Removed for brevity - claimNames: - kind: customDatabase - plural: customDatabases -``` +The XRD's {{}}name{{}} must be the +combination of the {{}}plural{{}} and +{{}}group{{}}. -{{}} -The [Claims](#create-a-claim) section later in this guide discusses _claims_. -{{< /hint >}} +The {{}}schema{{}} uses the +{{}}OpenAPIv3{{}} specification to define +the API {{}}spec{{}}. -### Apply the composite resource definition -Apply the complete _XRD_ to your Kubernetes cluster. +The API defines a {{}}location{{}} that +must be {{}}oneOf{{}} either +{{}}EU{{}} or +{{}}US{{}}. +Apply this XRD to create the custom API in your Kubernetes cluster. -```yaml +```yaml {label="xrd",copy-lines="all"} cat <}}claimNames{{}} allows users +to access this API either at the cluster level with the +{{}}nosql{{}} endpoint or in a namespace +with the +{{}}nosqlclaim{{}} endpoint. -```shell {copy-lines="1",label="getXRD"} -kubectl get xrd -NAME ESTABLISHED OFFERED AGE -databases.custom-api.example.org True True 9s -``` +The namespace scoped API is a Crossplane _Claim_. +{{}} +For more details on the fields and options of Composite Resource Definitions +read the +[XRD documentation]({{}}). +{{< /hint >}} -## Create a composite resource -Creating an _XRD_ allows the creation _composite resources_. - -_Composite resources_ are a convenient way to create multiple resources with a standard template. +View the installed XRD with `kubectl get xrd`. -A _composite resource_ uses the custom API created in the _XRD_. 
+```shell {copy-lines="1"} +kubectl get xrd +NAME ESTABLISHED OFFERED AGE +nosqls.database.example.com True True 2s +``` -Looking at part of the _XRD_: +View the new custom API endpoints with `kubectl api-resources | grep nosql` -```yaml {label="xrdSnip"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - group: custom-api.example.org - names: - kind: database -# Removed for brevity - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' +```shell {copy-lines="1",label="apiRes"} +kubectl api-resources | grep nosql +nosqlclaim database.example.com/v1alpha1 true NoSQLClaim +nosqls database.example.com/v1alpha1 false NoSQL ``` -The _XRD_ {{}}group{{}} -becomes the _composite resource_ -{{}}apiVersion{{}}. +## Create a deployment template -The _XRD_ {{}}kind{{}} -is the _composite resource_ -{{}}kind{{}} +When users access the custom API Crossplane takes their inputs and combines them +with a template describing what infrastructure to deploy. Crossplane calls this +template a _Composition_. -The _XRD_ API {{}}spec{{}} defines the -_composite resource_ {{}}spec{{}}. +The {{}}Composition{{}} defines all the +cloud resources to deploy. +Each entry in the template +is a full resource definitions, defining all the resource settings and metadata +like labels and annotations. -The _XRD_ {{}}properties{{}} section -defines the options for the _composite resource_ -{{}}spec{{}}. +This template creates an AWS +{{}}S3{{}} +{{}}Bucket{{}} and a +{{}}DynamoDB{{}} +{{}}Table{{}}. -The one option is {{}}region{{}} and it -can be either {{}}EU{{}} or -{{}}US{{}}. +Crossplane uses {{}}patches{{}} to apply +the user's input to the resource template. +This Composition takes the user's +{{}}location{{}} input and uses it as the +{{}}region{{}} used in the individual +resource. -This _composite resource_ uses -{{}}region: US{{}}. 
- -### Apply the composite resource +Apply this Composition to your cluster. -Apply the composite resource to the Kubernetes cluster. - -```yaml {label="xr"} +```yaml {label="comp",copy-lines="all"} cat <}}compositeTypeRef{{}} defines +which custom APIs can use this template to create resources. -```shell {copy-lines="1"} -kubectl get composite -NAME SYNCED READY COMPOSITION AGE -my-composite-resource True True dynamo-with-bucket 31s -``` +{{}} +Read the [Composition documentation]({{}}) for +more information on configuring Compositions and all the available options. -The output mentions the _composite_ template that the _composite resource_ used. +Read the +[Patch and Transform documentation]({{}}) +for more information on how Crossplane uses patches to map user inputs to +Composition resource templates. +{{< /hint >}} -Now look at the S3 `bucket` and DynmoDB `table` _managed resources_ with -`kubectl get bucket` and `kubectl get table`. +View the Composition with `kubectl get composition` ```shell {copy-lines="1"} -kubectl get bucket -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-8b6tx True True my-composite-resource-8b6tx 56s +kubectl get composition +NAME XR-KIND XR-APIVERSION AGE +dynamo-with-bucket NoSQL database.example.com/v1alpha1 3s ``` -```shell {copy-lines="1"} -kubectl get table -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-m6vk6 True True my-composite-resource-m6vk6 59s +## Install the DynamoDB Provider + +Part 1 only installed the AWS S3 Provider. Deploying a DynamoDB Table requires +the DynamoDB Provider as well. + +Add the new Provider to the cluster. + +```yaml +cat <}}NoSQL{{}} object to create the +cloud resources. + +```yaml {copy-lines="all",label="xr"} cat <}} -There may a delay in deleting the _managed resources_. Crossplane is making API -calls to AWS and waits for AWS to confirm they deleted the resources before -updating the state in Kubernetes. -{{}} - -Now only one bucket and table exist. 
+Delete the resources with `kubectl delete nosql`. ```shell {copy-lines="1"} -kubectl get bucket -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-8b6tx True True my-composite-resource-8b6tx 7m34s +kubectl delete nosql my-nosql-database +nosql.database.example.com "my-nosql-database" deleted ``` -```shell {copy-lines="1"} -kubectl get table -NAME READY SYNCED EXTERNAL-NAME AGE -my-composite-resource-m6vk6 True True my-composite-resource-m6vk6 7m37s -``` +Verify Crossplane deleted the resources with `kubectl get managed` -Delete the second _composite resource_ to remove the last `bucket` and `table` -_managed resources_. +{{}} +It may take up to 5 minutes to delete the resources. +{{< /hint >}} -```shell -kubectl delete composite my-composite-resource +```shell {copy-lines="1"} +kubectl get managed +No resources found ``` -_Composite resources_ are great for creating multiple related resources against -a template, but all _composite resources_ exist at the Kubernetes "cluster -level." There's no isolation between _composite resources_. Crossplane uses -_claims_ to create resources with namespace isolation. +## Using the API with namespaces -## Create a claim +Accessing the API `nosql` happens at the cluster scope. +Most organizations +isolate their users into namespaces. -_Claims_, just like _composite resources_ use the custom API defined in the -_XRD_. Unlike a _composite resource_, Crossplane can create _claims_ in a -namespace. +A Crossplane _Claim_ is the custom API within a namespace. -### Create a new Kubernetes namespace -Create a new namespace with `kubectl create namespace`. - -```shell -kubectl create namespace test -``` +Creating a _Claim_ is just like accessing the custom API endpoint, but with the +{{}}kind{{}} +from the custom API's `claimNames`. -A _claim_ uses the same {{}}group{{}} -a _composite resource_ uses but a different -{{}}kind{{}}. +Create a new namespace to test create a Claim in. 
-```yaml {label="XRDclaim2"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: -# Removed for brevity - group: custom-api.example.org - claimNames: - kind: custom-database - plural: custom-databases +```shell +kubectl create namespace crossplane-test ``` -Like the _composite resource_, create a new object with the -{{}}custom-api.example.org{{}} API -endpoint. - -The _XRD_ -{{}}ClaimNames.kind{{}} defines the -{{}}kind{{}}. - -The {{}}spec{{}} uses the same -API options as the _composite resource_. +Then create a Claim in the `crossplane-test` namespace. -### Apply the claim -Apply the _claim_ to your Kubernetes cluster. - -```yaml {label="claim"} +```yaml {label="claim",copy-lines="all"} cat <}} +It may take up to 5 minutes to delete the resources. +{{< /hint >}} -### Delete the claims -Removing the _claims_ removes the _composite resources_ and the associated -_managed resources_. +Verify Crossplane deleted the composite resource with `kubectl get composite`. -```shell -kubectl delete claim claimed-database -n test -kubectl delete claim claimed-database -n test2 +```shell {copy-lines="1"} +kubectl get composite +No resources found ``` -Verify Crossplane removed all the _managed resources_. +Verify Crossplane deleted the managed resources with `kubectl get managed`. -```shell -kubectl get bucket -kubectl get table -``` - -Claims are powerful tools to give users resources in their own isolated -namespace. But these examples haven't shown how the custom API can change -the settings defined in the _composition_. This _composition patching_ applies -the API settings when creating resources. -[Part 3]({{< ref "provider-aws-part-3">}}) of this guide covers _composition -patches_ and making all this configuration portable in Crossplane _packages_. - -## Next steps -* [**Continue to part 3**]({{< ref "provider-aws-part-3">}}) to create a learn - about _patching_ resources and creating Crossplane _packages_. 
-* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors. \ No newline at end of file +```shell {copy-lines="1"} +kubectl get managed +No resources found +``` \ No newline at end of file diff --git a/content/v1.13/getting-started/provider-aws-part-3.md b/content/v1.13/getting-started/provider-aws-part-3.md deleted file mode 100644 index 47f14649b..000000000 --- a/content/v1.13/getting-started/provider-aws-part-3.md +++ /dev/null 
@@ -1,652 +0,0 @@ ---- -title: AWS Quickstart Part 3 -weight: 120 -tocHidden: true ---- - -{{< hint "important" >}} -This guide is part 3 of a series. - -Follow [**part 1**]({{}}) -to install Crossplane and connect your Kubernetes cluster to AWS. - -Follow [**part 2**]({{}}) to create a _composition_, -_custom resource definition_ and a _claim_. -{{< /hint >}} - -[Part 2]({{}}) created a _composite resource -definition_ to define the schema of the custom API. Users create a _claim_ to -use the custom API and apply their options. Part 2 didn't show how the options -set in a _claim_ change or get applied the associated _composite resources_. - -## Prerequisites -* Complete quickstart [part 1]({{}}) and - [Part 2]({{}}) to install Crossplane and the quickstart - configurations. - -{{}} -1. Add the Crossplane Helm repository and install Crossplane -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update - -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -2. When the Crossplane pods finish installing and are ready, apply the AWS Provider - -```yaml {label="provider",copy-lines="all"} -cat < -aws_secret_access_key = -``` - -4. Create a Kubernetes secret from the AWS keys -```shell {label="kube-create-secret",copy-lines="all"} -kubectl create secret \ -generic aws-secret \ --n crossplane-system \ ---from-file=creds=./aws-credentials.txt -``` - -5. Create a _ProviderConfig_ -```yaml {label="providerconfig",copy-lines="all"} -cat <}} - -## Enable composition patches -In a _composition_ `patches` map fields in the custom API to fields inside the -_managed resources_. - -The _composition_ has two _managed resources_, a -{{}}bucket{{}} and a -{{}}table{{}}. 
- -```yaml {label="compResources"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -# Removed for Brevity -resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - forProvider: - region: "us-east-2" - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - region: "us-east-2" - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID -``` - -The custom API defined a single option, -{{}}region{{}}. A -{{}}region{{}} can be either -{{}}EU{{}} or -{{}}US{{}}. - - -```yaml {label="xrdSnip"} -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -# Removed for brevity -spec: - group: custom-api.example.org - names: - kind: database -# Removed for brevity - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' -``` - -Creating a _composition_ `patch` allows Crossplane to update the settings of the -_composite resource_. Patches apply to the individual _managed resources_ -inside the _composition_. - -A {{}}patch{{}} has a -{{}}fromField{{}} and a -{{}}toField{{}} specifying which value -_from_ the custom API should apply _to_ the _managed resource_. -Patches can create a -{{}}transform{{}} to change the _from_ -field before it's applied. - -The transform -{{}}type{{}} is what kind of change to -make on the _from_ field. Types of changes could include appending a string, -preforming a math operation or mapping one value to another. - -Applying a {{}}patch{{}} to the -{{}}Bucket{{}} uses the custom API -{{}}region{{}} to use as the _managed resource_ -{{}}region{{}}. - - -The custom API value "EU" is -{{}}mapped{{}} to the value "eu-north-1" -and "US" is {{}}mapped{{}} to the value -"us-east-2." 
- - - -```yaml {label="patch"} -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -# Removed for Brevity -resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - spec: - forProvider: - region: "us-east-2" - patches: - - fromFieldPath: "region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-2" -``` - -Patching is a powerful tool enabling simpler or abstracted APIs. A developer -isn't required to know the specific AWS region identifier, only the abstracted -option of "EU" or "US." - - -### Apply the updated composition -Apply the same `patch` to the `Table` _managed resource_ and apply the updated -_composition_. - -```yaml -cat <}}region{{}} to "EU." - -```yaml {label="claim"} -cat < -Using {{}}region: "EU"{{}} patches the -_composite resource_, updating the AWS region from `us-east-2` to `eu-north-1`. -The developer creating the claim isn't required to know which specific AWS -region or the naming conventions. Using the abstract API options of "EU" or "US" -the developer places their resources in the desired location. - - -Deleting the claim removes the _managed resources_. - -{{}} -The _managed resources_ take up to 5 minutes to delete. -{{< /hint >}} - -```shell -kubectl delete claim claimed-eu-database -n test -``` - -## Create a Crossplane configuration package - -Crossplane _configuration packages_ allow users to combine their _custom -resource definition_ and _composition_ files into an OCI image. - -{{< hint "note" >}} -The [Open Container Initiative](https://opencontainers.org/faq/) -defines the OCI image standard. -An OCI images is a standard way to package data. -{{< /hint >}} - -You can host configuration packages in image registries like -[Docker Hub](https://hub.docker.com/) or the -[Upbound Marketplace](https://marketplace.upbound.io/). - -Crossplane can download and install configuration packages into a Kubernetes -cluster. 
- -Creating a configuration package makes your Crossplane custom APIs portable -and versioned. - -Building and installing configuration packages requires an OCI image compatible -tool. - -{{< hint "note" >}} -You can use any software that builds OCI images. This includes -[Docker](https://www.docker.com/) or -[Upbound's Up CLI)](https://github.com/upbound/up). -{{< /hint >}} - -A configuration package includes three files: -* `crossplane.yaml` defines the metadata of the package. -* `definition.yaml` is the _composite resource definition_ for the package. -* `composition.yaml` is the _composition_ template for the package. - - - -### Create a crossplane.yaml file - -Configuration packages describe their contents and requirements with a -`crossplane.yaml` file. - -The `crossplane.yaml` file lists the required Crossplane _providers_ and their -compatible versions as well as the required Crossplane version. - -The Crossplane -{{}}meta.pkg{{}} API defines the schema -for a -{{}}Configuration{{}}. - -Inside the {{}}spec{{}} define the -required Crossplane -{{}}version{{}}. - -The {{}}dependsOn{{}} section lists the -dependencies for a package. - -This package lists the Upbound -{{}}provider-aws{{}} -version {{}}0.27.0{{}} or later as a -dependency. - -{{}} -Crossplane automatically installs dependencies. Dependencies can include other -configuration packages. -{{< /hint >}} - -```yaml {label="xpyaml"} -apiVersion: meta.pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: crossplane-aws-quickstart -spec: - crossplane: - version: ">=v1.11.0" - dependsOn: - - provider: xpkg.upbound.io/upbound/provider-aws - version: ">=v0.27.0" -``` - -Create a new directory and save the `crossplane.yaml` file. 
- -```yaml -mkdir crossplane-aws-quickstart -cat < crossplane-aws-quickstart/crossplane.yaml -apiVersion: meta.pkg.crossplane.io/v1 -kind: Configuration -metadata: - name: crossplane-aws-quickstart -spec: - crossplane: - version: ">=v1.11.0" - dependsOn: - - provider: xpkg.upbound.io/upbound/provider-aws - version: ">=v0.27.0" -EOF -``` - - - -### Create a definition.yaml file - - -A configuration package requires a _composite resource definition_ (XRD) to define the -custom API. - -Save the _XRD_ as `definition.yaml` in the same directory as the -`crossplane.yaml` file. - -```yaml -cat < crossplane-aws-quickstart/definition.yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: databases.custom-api.example.org -spec: - group: custom-api.example.org - names: - kind: database - plural: databases - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - region: - type: string - oneOf: - - pattern: '^EU$' - - pattern: '^US$' - required: - - region - claimNames: - kind: custom-database - plural: custom-databases -EOF -``` - - - -### Create a composition.yaml file - - -The _composition_ template creates the _managed resources_ and allows _patches_ -to customize the _managed resources_. - -Copy the _composition_ into the `composition.yaml` file in the same directory as -`crossplane.yaml`. 
- -```yaml -cat < crossplane-aws-quickstart/composition.yaml -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: dynamo-with-bucket -spec: - compositeTypeRef: - apiVersion: custom-api.example.org/v1alpha1 - kind: database - resources: - - name: s3Bucket - base: - apiVersion: s3.aws.upbound.io/v1beta1 - kind: Bucket - metadata: - name: crossplane-quickstart-bucket - spec: - providerConfigRef: - name: default - patches: - - fromFieldPath: "spec.region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-1" - - name: dynamoDB - base: - apiVersion: dynamodb.aws.upbound.io/v1beta1 - kind: Table - metadata: - name: crossplane-quickstart-database - spec: - forProvider: - writeCapacity: 1 - readCapacity: 1 - attribute: - - name: S3ID - type: S - hashKey: S3ID - patches: - - fromFieldPath: "spec.region" - toFieldPath: "spec.forProvider.region" - transforms: - - type: map - map: - EU: "eu-north-1" - US: "us-east-1" -EOF -``` - -### Install the Crossplane command-line -To build a configuration package install the Crossplane Kubernetes command-line -extension. - -```shell -curl "https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh" -./install.sh -sudo mv kubectl-crossplane /usr/bin -``` - -Verify the Crossplane command-line installed with `kubectl crossplane --help` - -```shell -kubectl crossplane --help -Usage: kubectl crossplane - -A command line tool for interacting with Crossplane. - -Flags: - -h, --help Show context-sensitive help. - -v, --version Print version and quit. - --verbose Print verbose logging statements. -# Ouptut removed for brevity -``` - -### Build a configuration package - -Use the `kubectl crossplane` command to create an `.xpkg` file containing the -custom APIs and Crossplane configuration. 
-
-```shell
-kubectl crossplane build configuration -f crossplane-aws-quickstart/ --name="crossplane-aws-quickstart"
-```
-
-Now an `.xpkg` OCI image is inside the `crossplane-aws-quickstart` directory.
-
-```shell
-ls crossplane-aws-quickstart/
-composition.yaml crossplane-aws-quickstart.xpkg crossplane.yaml definition.yaml
-```
-
-## Next steps
-* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/).
-* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors.
-* Read more about [Crossplane concepts]({{}})
\ No newline at end of file
diff --git a/content/v1.13/getting-started/provider-aws.md b/content/v1.13/getting-started/provider-aws.md
index e5e47a415..4bf4b783f 100644
--- a/content/v1.13/getting-started/provider-aws.md
+++ b/content/v1.13/getting-started/provider-aws.md
@@ -3,1092 +3,97 @@ title: AWS Quickstart weight: 100 --- -Connect Crossplane to AWS to create and manage cloud resources from Kubernetes with the [Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-aws). +Connect Crossplane to AWS to create and manage cloud resources from Kubernetes +with the +[Upbound AWS Provider](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v0.37.0). -This guide is in three parts: +This guide is in two parts: * Part 1 walks through installing Crossplane, configuring the provider to authenticate to AWS and creating a _Managed Resource_ in AWS directly from your Kubernetes cluster. This shows Crossplane can communicate with AWS. -* [Part 2]({{< ref "provider-aws-part-2" >}}) creates a -_Composite Resource Definition_ (XRD), _Composite Resource_ (XR) and a _Claim_ -(XRC) to show how to create and use custom APIs. -* [Part 3]({{< ref "provider-aws-part-3" >}}) demonstrates how to patch -_Compositions_ with values used in a _Claim_ and how to build a Crossplane -_Package_. +* [Part 2]({{< ref "provider-aws-part-2" >}}) shows how to build and access a + custom API with Crossplane. + ## Prerequisites This quickstart requires: -* a Kubernetes cluster with at least 6 GB of RAM +* a Kubernetes cluster with at least 2 GB of RAM * permissions to create pods and secrets in the Kubernetes cluster * [Helm](https://helm.sh/) version v3.2.0 or later * an AWS account with permissions to create an S3 storage bucket * AWS [access keys](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) -## Install Crossplane - -Crossplane installs into an existing Kubernetes cluster. - -{{< hint type="tip" >}} -If you don't have a Kubernetes cluster create one locally with [Kind](https://kind.sigs.k8s.io/). -{{< /hint >}} - - -### Install the Crossplane Helm chart - -Helm enables Crossplane to install all its Kubernetes components through a _Helm Chart_. 
- -Enable the Crossplane Helm Chart repository: - -```shell -helm repo add \ -crossplane-stable https://charts.crossplane.io/stable -helm repo update -``` - -Run the Helm dry-run to see all the Crossplane components Helm installs. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -``` -{{}} -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---dry-run --debug \ ---namespace crossplane-system \ ---create-namespace -install.go:193: [debug] Original chart version: "" -install.go:210: [debug] CHART PATH: /home/vagrant/.cache/helm/repository/crossplane-1.10.1.tgz - -NAME: crossplane -LAST DEPLOYED: Thu Jan 19 15:52:08 2023 -NAMESPACE: crossplane-system -STATUS: pending-install -REVISION: 1 -TEST SUITE: None -USER-SUPPLIED VALUES: -{} - -COMPUTED VALUES: -affinity: {} -args: {} -configuration: - packages: [] -customAnnotations: {} -customLabels: {} -deploymentStrategy: RollingUpdate -extraEnvVarsCrossplane: {} -extraEnvVarsRBACManager: {} -image: - pullPolicy: IfNotPresent - repository: crossplane/crossplane - tag: v1.10.1 -imagePullSecrets: {} -leaderElection: true -metrics: - enabled: false -nodeSelector: {} -packageCache: - medium: "" - pvc: "" - sizeLimit: 5Mi -podSecurityContextCrossplane: {} -podSecurityContextRBACManager: {} -priorityClassName: "" -provider: - packages: [] -rbacManager: - affinity: {} - args: {} - deploy: true - leaderElection: true - managementPolicy: All - nodeSelector: {} - replicas: 1 - skipAggregatedClusterRoles: false - tolerations: {} -registryCaBundleConfig: {} -replicas: 1 -resourcesCrossplane: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -resourcesRBACManager: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi -securityContextCrossplane: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -securityContextRBACManager: 
- allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 -serviceAccount: - customAnnotations: {} -tolerations: {} -webhooks: - enabled: false - -HOOKS: -MANIFEST: ---- -# Source: crossplane/templates/rbac-manager-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" ---- -# Source: crossplane/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-crossplane: "true" ---- -# Source: crossplane/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:system:aggregate-to-crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: 
cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - crossplane.io/scope: "system" - rbac.crossplane.io/aggregate-to-crossplane: "true" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - - services - verbs: - - "*" -- apiGroups: - - apiextensions.crossplane.io - - pkg.crossplane.io - - secrets.crossplane.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - patch - - delete - - watch -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:allowed-provider-permissions - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" ---- -# 
Source: crossplane/templates/rbac-manager-clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.crossplane.io - resources: - - compositeresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - pkg.crossplane.io - resources: - - providerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - roles - verbs: - - get - - list - - watch - - create - - update - - patch - # The RBAC manager may grant access it does not have. 
- - escalate -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - "*" -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - create - - update - - patch - - watch - - delete ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-admin: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-edit - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-edit: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-view - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - 
app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-view: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane-browse - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.crossplane.io/aggregate-to-browse: "true" ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-admin - labels: - rbac.crossplane.io/aggregate-to-admin: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane administrators have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane administrators must create provider credential secrets, and may -# need to read or otherwise interact with connection secrets. They may also need -# to create or annotate namespaces. -- apiGroups: [""] - resources: [secrets, namespaces] - verbs: ["*"] -# Crossplane administrators have access to view the roles that they may be able -# to grant to other subjects. 
-- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterroles, roles] - verbs: [get, list, watch] -# Crossplane administrators have access to grant the access they have to other -# subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [clusterrolebindings, rolebindings] - verbs: ["*"] -# Crossplane administrators have full access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] -# Crossplane administrators have access to view CRDs in order to debug XRDs. -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-edit - labels: - rbac.crossplane.io/aggregate-to-edit: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane editors must create provider credential secrets, and may need to -# read or otherwise interact with connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane editors may see which namespaces exist, but not edit them. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane editors have full access to built in Crossplane types. 
-- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: ["*"] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-view - labels: - rbac.crossplane.io/aggregate-to-view: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane viewers have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane viewers may see which namespaces exist. -- apiGroups: [""] - resources: [namespaces] - verbs: [get, list, watch] -# Crossplane viewers have read-only access to built in Crossplane types. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] -- apiGroups: - - pkg.crossplane.io - resources: [providers, configurations, providerrevisions, configurationrevisions] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-browse - labels: - rbac.crossplane.io/aggregate-to-browse: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane browsers have access to view events. 
-- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane browsers have read-only access to compositions and XRDs. This -# allows them to discover and select an appropriate composition when creating a -# resource claim. -- apiGroups: - - apiextensions.crossplane.io - resources: ["*"] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -# The below ClusterRoles are aggregated to the namespaced RBAC roles created by -# the Crossplane RBAC manager when it is running in --manage=All mode. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-admin - labels: - rbac.crossplane.io/aggregate-to-ns-admin: "true" - rbac.crossplane.io/base-of-ns-admin: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace admins have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace admins may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] -# Crossplane namespace admins have access to view the roles that they may be -# able to grant to other subjects. -- apiGroups: [rbac.authorization.k8s.io] - resources: [roles] - verbs: [get, list, watch] -# Crossplane namespace admins have access to grant the access they have to other -# subjects. 
-- apiGroups: [rbac.authorization.k8s.io] - resources: [rolebindings] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-edit - labels: - rbac.crossplane.io/aggregate-to-ns-edit: "true" - rbac.crossplane.io/base-of-ns-edit: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace editors have access to view events. -- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] -# Crossplane namespace editors may need to read or otherwise interact with -# resource claim connection secrets. -- apiGroups: [""] - resources: [secrets] - verbs: ["*"] ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: crossplane:aggregate-to-ns-view - labels: - rbac.crossplane.io/aggregate-to-ns-view: "true" - rbac.crossplane.io/base-of-ns-view: "true" - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -rules: -# Crossplane namespace viewers have access to view events. 
-- apiGroups: [""] - resources: [events] - verbs: [get, list, watch] ---- -# Source: crossplane/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane -subjects: -- kind: ServiceAccount - name: crossplane - namespace: crossplane-system ---- -# Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-rbac-manager -subjects: -- kind: ServiceAccount - name: rbac-manager - namespace: crossplane-system ---- -# Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: crossplane-admin - labels: - app: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 
crossplane-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: crossplane:masters ---- -# Source: crossplane/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - spec: - securityContext: - {} - serviceAccountName: crossplane - initContainers: - - image: crossplane/crossplane:v1.10.1 - args: - - core - - init - imagePullPolicy: IfNotPresent - name: crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - containers: - - image: crossplane/crossplane:v1.10.1 - args: - - core - - start - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 
65532 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LEADER_ELECTION - value: "true" - volumeMounts: - - mountPath: /cache - name: package-cache - volumes: - - name: package-cache - emptyDir: - medium: - sizeLimit: 5Mi ---- -# Source: crossplane/templates/rbac-manager-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: crossplane-rbac-manager - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" -spec: - replicas: 1 - selector: - matchLabels: - app: crossplane-rbac-manager - release: crossplane - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crossplane-rbac-manager - release: crossplane - helm.sh/chart: crossplane-1.10.1 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/name: crossplane - app.kubernetes.io/instance: crossplane - app.kubernetes.io/version: "1.10.1" - spec: - securityContext: - {} - serviceAccountName: rbac-manager - initContainers: - - image: crossplane/crossplane:v1.10.1 - args: - - rbac - - init - imagePullPolicy: IfNotPresent - name: crossplane-init - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - containers: - - image: crossplane/crossplane:v1.10.1 - args: - - rbac - - start - - --manage=All - - --provider-clusterrole=crossplane:allowed-provider-permissions - imagePullPolicy: IfNotPresent - name: crossplane - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m 
- memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsUser: 65532 - env: - - name: LEADER_ELECTION - value: "true" - -NOTES: -Release: crossplane - -Chart Name: crossplane -Chart Description: Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume. -Chart Version: 1.10.1 -Chart Application Version: 1.10.1 - -Kube Version: v1.24.9 -``` -{{< /expand >}} - -Install the Crossplane components using `helm install`. - -```shell -helm install crossplane \ -crossplane-stable/crossplane \ ---namespace crossplane-system \ ---create-namespace -``` - -Verify Crossplane installed with `kubectl get pods`. - -```shell {copy-lines="1"} -kubectl get pods -n crossplane-system -NAME READY STATUS RESTARTS AGE -crossplane-d4cd8d784-ldcgb 1/1 Running 0 54s -crossplane-rbac-manager-84769b574-6mw6f 1/1 Running 0 54s -``` - -Installing Crossplane creates new Kubernetes API end-points. Look at the new API end-points with `kubectl api-resources | grep crossplane`. 
- -```shell {label="grep",copy-lines="1"} -kubectl api-resources | grep crossplane -compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition -compositionrevisions apiextensions.crossplane.io/v1alpha1 false CompositionRevision -compositions apiextensions.crossplane.io/v1 false Composition -configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision -configurations pkg.crossplane.io/v1 false Configuration -controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig -locks pkg.crossplane.io/v1beta1 false Lock -providerrevisions pkg.crossplane.io/v1 false ProviderRevision -providers pkg.crossplane.io/v1 false Provider -storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig -``` +{{}} ## Install the AWS provider -Install the provider into the Kubernetes cluster with a Kubernetes configuration file. +Install the AWS S3 provider into the Kubernetes cluster with a Kubernetes +configuration file. ```yaml {label="provider",copy-lines="all"} cat <}}Provider{{}} Custom Resource Definition tells Kubernetes how to -connect to the provider. +The Crossplane {{< hover label="provider" line="3" >}}Provider{{}} +installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing AWS S3 +services. These CRDs allow you to create AWS resources directly inside +Kubernetes. Verify the provider installed with `kubectl get providers`. -{{< hint type="note" >}} -It may take up to five minutes for the provider to list `HEALTHY` as `True`. 
-{{< /hint >}} -```shell {copy-lines="1"} +```shell {copy-lines="1",label="getProvider"} kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -upbound-provider-aws True True xpkg.upbound.io/upbound/provider-aws:v0.27.0 12m +NAME INSTALLED HEALTHY PACKAGE AGE +provider-aws-s3 True True xpkg.upbound.io/upbound/provider-aws-s3:v0.37.0 2m53s +upbound-provider-family-aws True True xpkg.upbound.io/upbound/provider-family-aws:v0.37.0 2m48s ``` -A provider installs their own Kubernetes _Custom Resource Definitions_ (CRDs). These CRDs allow you to create AWS resources directly inside Kubernetes. +The S3 Provider installs a second Provider, the +{{}}upbound-provider-family-aws{{}}. +The family provider manages authentication to AWS across all AWS family +Providers. -You can view the new CRDs with `kubectl get crds`. Every CRD maps to a unique AWS service Crossplane can provision and manage. +You can view the new CRDs with `kubectl get crds`. +Every CRD maps to a unique AWS service Crossplane can provision and manage. {{< hint type="tip" >}} -See details about all the supported CRDs in the [Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). +See details about all the supported CRDs in the +[Upbound Marketplace](https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v0.37.0). {{< /hint >}} ## Create a Kubernetes secret for AWS -The provider requires credentials to create and manage AWS resources. Providers use a Kubernetes _Secret_ to connect the credentials to the provider. +The provider requires credentials to create and manage AWS resources. +Providers use a Kubernetes _Secret_ to connect the credentials to the provider. -First generate a Kubernetes _Secret_ from your AWS key-pair and then configure the Provider to use it. - -{{< hint type="note" >}} -Other authentication methods exist and are beyond the scope of this guide. 
The [Provider documentation](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/docs/configuration) contains information on alternative authentication methods. -{{< /hint >}} +Generate a Kubernetes _Secret_ from your AWS key-pair and +then configure the Provider to use it. ### Generate an AWS key-pair file For basic user authentication, use an AWS Access keys key-pair file. {{< hint type="tip" >}} -The [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) provides information on how to generate AWS Access keys. +The [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) +provides information on how to generate AWS Access keys. {{< /hint >}} Create a text file containing the AWS account `aws_access_key_id` and `aws_secret_access_key`. +{{< editCode >}} ```ini {copy-lines="all"} [default] -aws_access_key_id = -aws_secret_access_key = +aws_access_key_id = $@$@ +aws_secret_access_key = $@$@ ``` +{{< /editCode >}} Save this text file as `aws-credentials.txt`. 
@@ -1097,7 +102,13 @@ The [Configuration](https://marketplace.upbound.io/providers/upbound/provider-aw {{< /hint >}} ### Create a Kubernetes secret with the AWS credentials -A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}aws-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. +A Kubernetes generic secret has a name and contents. +Use +{{< hover label="kube-create-secret" line="1">}}kubectl create secret{{}} +to generate the secret object named +{{< hover label="kube-create-secret" line="2">}}aws-secret{{< /hover >}} +in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. + Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}aws-credentials.txt{{< /hover >}} file. ```shell {label="kube-create-secret",copy-lines="all"} 
@@ -1128,9 +139,12 @@ creds: 114 bytes ``` ## Create a ProviderConfig -A `ProviderConfig` customizes the settings of the AWS Provider. +A {{< hover label="providerconfig" line="3">}}ProviderConfig{{}} +customizes the settings of the AWS Provider. -Apply the {{< hover label="providerconfig" line="2">}}ProviderConfig{{}} with the command: +Apply the +{{< hover label="providerconfig" line="3">}}ProviderConfig{{}} +with the this Kubernetes configuration file: ```yaml {label="providerconfig",copy-lines="all"} cat <}}secretRef{{}}. +This attaches the AWS credentials, saved as a Kubernetes secret, as a +{{< hover label="providerconfig" line="9">}}secretRef{{}}. -The {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the AWS credentials in the {{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. +The +{{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.name{{< /hover >}} +value is the name of the Kubernetes secret containing the AWS credentials in the +{{< hover label="providerconfig" line="10">}}spec.credentials.secretRef.namespace{{< /hover >}}. ## Create a managed resource -A _managed resource_ is anything Crossplane creates and manages outside of the Kubernetes cluster. This creates an AWS S3 bucket with Crossplane. The S3 bucket is a _managed resource_. +A _managed resource_ is anything Crossplane creates and manages outside of the +Kubernetes cluster. + +This guide creates an AWS S3 bucket with Crossplane. + +The S3 bucket is a _managed resource_. {{< hint type="note" >}} AWS S3 bucket names must be globally unique. To generate a unique name the example uses a random hash. 
@@ -1175,13 +198,20 @@ spec: EOF ``` -The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and {{< hover label="xr" line="4">}}kind{{}} are from the provider's CRDs. +The {{< hover label="xr" line="3">}}apiVersion{{< /hover >}} and +{{< hover label="xr" line="4">}}kind{{}} are from the provider's CRDs. + +The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the +name of the created S3 bucket in AWS. +This example uses the generated name `crossplane-bucket-` in the +{{< hover label="xr" line="6">}}$bucket{{}} variable. -The {{< hover label="xr" line="6">}}metadata.name{{< /hover >}} value is the name of the created S3 bucket in AWS. -This example uses the generated name `crossplane-bucket-` in the {{< hover label="xr" line="6">}}`$bucket`{{}} variable. +The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells +AWS which AWS region to use when deploying resources. -The {{< hover label="xr" line="9">}}spec.forProvider.region{{< /hover >}} tells AWS which AWS region to use when deploying resources. The region can be any [AWS Regional endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) code. +The region can be any +[AWS Regional endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) code. Use `kubectl get buckets` to verify Crossplane created the bucket. 
@@ -1207,6 +237,9 @@ bucket.s3.aws.upbound.io "crossplane-bucket-45eed4ae0" deleted ``` ## Next steps -* [**Continue to part 2**]({{< ref "provider-aws-part-2">}})** to create a Crossplane _Composite Resource_ and _Claim_. -* Explore AWS resources that Crossplane can configure in the [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). -* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors. \ No newline at end of file +* [**Continue to part 2**]({{< ref "provider-aws-part-2">}}) to create a + Crossplane _Composite Resource_ and _Claim_. +* Explore AWS resources that Crossplane can configure in the + [Provider CRD reference](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). +* Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with + Crossplane users and contributors. \ No newline at end of file