diff --git a/terraform/buckets/permissions.tf b/terraform/buckets/permissions.tf
index 5908e21..6b1d3c4 100644
--- a/terraform/buckets/permissions.tf
+++ b/terraform/buckets/permissions.tf
@@ -19,7 +19,18 @@ resource "aws_s3_bucket_public_access_block" "public_access_block" {
 restrict_public_buckets = false
 }
 
-resource "aws_s3_bucket_acl" "acl" {
+resource "aws_s3_bucket_public_access_block" "private_access_block" {
+ for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == false}
+
+ bucket = aws_s3_bucket.bucket[each.key].id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_acl" "public_acl" {
 for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
 
 depends_on = [
@@ -31,6 +42,18 @@ resource "aws_s3_bucket_acl" "acl" {
 acl = "public-read"
 }
 
+resource "aws_s3_bucket_acl" "private_acl" {
+ for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == false}
+
+ depends_on = [
+ aws_s3_bucket_ownership_controls.ownership,
+ aws_s3_bucket_public_access_block.private_access_block
+ ]
+
+ bucket = aws_s3_bucket.bucket[each.key].id
+ acl = "private"
+}
+
 resource "aws_s3_bucket_policy" "policy" {
 for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
 
diff --git a/terraform/buckets/variables.tf b/terraform/buckets/variables.tf
index 4b72d89..a75c753 100644
--- a/terraform/buckets/variables.tf
+++ b/terraform/buckets/variables.tf
@@ -15,8 +15,8 @@ variable "buckets" {
 }))
 default = {
 dsk-alert-images = {
- object_ownership = "BucketOwnerPreferred"
- public_access = true
+ object_ownership = "BucketOwnerEnforced"
+ public_access = false
 versioning = "Enabled"
 lifecycle = {
 status = "Disabled"
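Review bot: The new `private_access_block` is a second copy of `public_access_block` with the four flags inverted and a mirrored `for_each` filter, so the two resources have to be kept in step by hand and a bucket whose `public_access` value matches neither filter ends up with no public access block at all. One resource over all of `var.buckets` that derives each flag from `!each.value.public_access` states the policy once and guarantees every bucket gets a block; keeping the existing `public_access_block` name avoids a rename for any `depends_on` that references it, which I assume the cut-off `public_acl` block does. The existing `restrict_public_buckets = false` line at the top of the hunk and the `public_acl` body continue outside the hunk.
```hcl
resource "aws_s3_bucket_public_access_block" "public_access_block" {
  for_each = var.buckets

  bucket = aws_s3_bucket.bucket[each.key].id

  # Every bucket gets a block; only buckets explicitly marked public relax it.
  block_public_acls       = !each.value.public_access
  block_public_policy     = !each.value.public_access
  ignore_public_acls      = !each.value.public_access
  restrict_public_buckets = !each.value.public_access
}
```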
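Review bot: `private_acl` issues a PutBucketAcl with `acl = "private"` for buckets that, per the variables.tf hunk, now default to `object_ownership = "BucketOwnerEnforced"`; with that ownership setting S3 disables ACLs and rejects ACL writes with AccessControlListNotSupported, so, assuming `aws_s3_bucket_ownership_controls.ownership` applies the variable's value, the apply for dsk-alert-images would fail. The resource also adds nothing for the private case: with `private_access_block` in place and no `aws_s3_bucket_policy` created for a non-public bucket, there is no grant left for a private ACL to revoke. I would drop `private_acl` entirely, or at minimum narrow its selector to `for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == false && value.object_ownership != "BucketOwnerEnforced"}`. The `policy` resource at the end of the hunk continues outside it.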