diff --git a/terraform-modules/aws/s3_bucket/main.tf b/terraform-modules/aws/s3_bucket/main.tf
index 48da48c4d..082c7e626 100644
--- a/terraform-modules/aws/s3_bucket/main.tf
+++ b/terraform-modules/aws/s3_bucket/main.tf
@@ -57,3 +57,11 @@ resource "aws_s3_bucket_logging" "logging" {
 target_bucket = var.logging_bucket_name
 target_prefix = "log/"
 }
+
+resource "aws_s3_bucket_ownership_controls" "bucket_ownership_controls" {
+ count = var.enable_bucket_owner_enforced ? 1 : 0
+ bucket = aws_s3_bucket.bucket.id
+ rule {
+ object_ownership = "BucketOwnerEnforced"
+ }
+}
diff --git a/terraform-modules/aws/s3_bucket/variables.tf b/terraform-modules/aws/s3_bucket/variables.tf
index 2ffb39c85..4d0327a61 100644
--- a/terraform-modules/aws/s3_bucket/variables.tf
+++ b/terraform-modules/aws/s3_bucket/variables.tf
@@ -79,3 +79,16 @@ variable "logging_bucket_prefix" {
 description = "The prefix to add to the logs"
 default = "s3-log/"
 }
+
+variable "enable_bucket_owner_enforced" {
+ type = bool
+ description = "BucketOwnerEnforced choice of object ownership, which is used to disable ACL-s."
+ #Bucket owner enforced (recommended) – ACLs are disabled, and the bucket
+ #owner automatically owns and has full control over every object in the bucket.
+ #ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies
+ #to define access control.
+ #https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
+ default = true
+
+}
+
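Review bot: Once `object_ownership = "BucketOwnerEnforced"` is applied, S3 rejects any ACL call on the bucket (`AccessControlListNotSupported`), so if this module still sets an `acl` argument on `aws_s3_bucket.bucket` or declares an `aws_s3_bucket_acl` resource (neither is visible in this hunk, so this needs confirming), the next apply will fail or depend on resource ordering that Terraform does not infer. If such a resource exists, gate it on the inverse condition, `count = var.enable_bucket_owner_enforced ? 0 : 1`, and give it `depends_on = [aws_s3_bucket_ownership_controls.bucket_ownership_controls]`; the same `depends_on` belongs on any `aws_s3_bucket_public_access_block` in the module. A second consequence worth a comment on the new resource: when a bucket built from this module is the target of `aws_s3_bucket_logging`, log delivery can no longer be authorized through the log-delivery-group ACL and the target bucket must carry a policy granting `logging.s3.amazonaws.com` `s3:PutObject`, e.g. `# BucketOwnerEnforced disables ACLs: log-target buckets need a bucket policy for logging.s3.amazonaws.com instead of the log-delivery ACL.` The `aws_s3_bucket_logging` block starts before this hunk.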
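Review bot: The `#` comment block inside the new variable is not surfaced by module tooling (only `description` is), so the explanation should live in the description, and "ACL-s" reads as a typo; for example `description = "Apply BucketOwnerEnforced object ownership: ACLs are disabled, the bucket owner owns every object, and access is governed solely by bucket policy. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html"`, with the five comment lines and the stray blank line before `}` dropped. Because `default = true` changes behaviour for every existing consumer of the module on its next apply, the description (or the module changelog) should also say that buckets still relying on ACL grants must set the variable to `false` until those grants are migrated to policy. Separately, and visible only in the hunk context rather than the change: `main.tf` hard-codes `target_prefix = "log/"` while `variables.tf` declares `logging_bucket_prefix` defaulting to `"s3-log/"`, which looks like the variable is not wired through (worth confirming against the rest of `main.tf`).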