diff --git a/s3-dataproc-ch.tf b/s3-dataproc-ch.tf
index a707bfd..799fb09 100644
--- a/s3-dataproc-ch.tf
+++ b/s3-dataproc-ch.tf
@@ -74,6 +74,13 @@ resource "yandex_vpc_security_group" "dataproc-security-group" {
 v4_cidr_blocks = ["0.0.0.0/0"]
 }
+ egress {
+ description = "Allow access to NTP servers for time syncing"
+ protocol = "UDP"
+ port = 123
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+
 egress {
 description = "Allow connections to the ClickHouse port from any IP address"
 protocol = "TCP"
@@ -154,6 +161,10 @@ resource "yandex_storage_bucket" "input-bucket" {
 secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
 bucket = local.input-bucket
+ depends_on = [
+ yandex_resourcemanager_folder_iam_binding.s3-editor
+ ]
+
 grant {
 id = yandex_iam_service_account.dataproc-sa.id
 type = "CanonicalUser"
@@ -167,6 +178,10 @@ resource "yandex_storage_bucket" "output-bucket" {
 secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key
 bucket = local.output-bucket
+ depends_on = [
+ yandex_resourcemanager_folder_iam_binding.s3-editor
+ ]
+
 grant {
 id = yandex_iam_service_account.dataproc-sa.id
 type = "CanonicalUser"
@@ -188,7 +203,7 @@ resource "yandex_dataproc_cluster" "dataproc-cluster" {
 hadoop {
 services = ["HDFS", "SPARK", "YARN"]
- ssh_public_keys = [file(local.dp_ssh_key)]
+ ssh_public_keys = ["${file(local.dp_ssh_key)}"]
 }
 subcluster_spec {
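Review bot: The new NTP egress rule opens UDP 123 to `0.0.0.0/0`, so every host in the group may send traffic to any destination on that port, which is wider than time syncing needs. If the cluster syncs against a known set of servers, narrow the rule, e.g. `v4_cidr_blocks = ["<NTP_SERVER_CIDR>"]` (placeholder; take the real ranges from the provider's documentation). If the open range has to stay, a short comment above the block saying why would help the next reviewer. The `dataproc-security-group` resource starts and ends outside the hunk.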
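Review bot: The `depends_on` added to `input-bucket` (and the identical one on `output-bucket` in the next hunk) carries no comment explaining the hidden dependency, and none of the visible bucket arguments references the binding. I would add above it something like `# The service account behind the static key presumably needs the s3-editor binding before it can create the bucket`, reworded once checked against the binding resource, which is not visible here. Both bucket resources continue outside their hunks.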
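Review bot: `["${file(local.dp_ssh_key)}"]` wraps a single function call in a string template and evaluates to the same string as the previous `[file(local.dp_ssh_key)]`; the direct call is the form Terraform 0.12 and later document as preferred. If the aim was to clean up the key text, the wrapper does not do that: `file()` keeps a trailing newline, and `[chomp(file(local.dp_ssh_key))]` would strip it. The resource enclosing the `hadoop` block runs outside the hunk.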