diff --git a/terraform/aws/modules/storage/main.tf b/terraform/aws/modules/storage/main.tf
index 73a6d8f5..52369e4f 100644
--- a/terraform/aws/modules/storage/main.tf
+++ b/terraform/aws/modules/storage/main.tf
@@ -46,7 +46,7 @@ resource "aws_db_instance" "km_db" {
   name                      = "km_db_${var.environment}"
   allocated_storage         = 20
   engine                    = "postgres"
-  engine_version            = "10.6"
+  engine_version            = "11.22"
   instance_class            = "db.t3.medium"
   storage_type              = "gp2"
   password                  = var.db_password
@@ -103,12 +103,28 @@ resource "aws_ssm_parameter" "km_ssm_db_name" {
 
 resource "aws_s3_bucket" "km_blob_storage" {
   bucket = "km-blob-storage-${var.environment}"
-  acl    = "private"
+  # acl    = "private"
   tags = merge(var.default_tags, {
     name = "km_blob_storage_${var.environment}"
   })
 }
 
+resource "aws_s3_bucket_ownership_controls" "km_blob_storage" {
+  depends_on = [aws_s3_bucket.km_blob_storage]
+  
+  bucket = aws_s3_bucket.km_blob_storage.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_acl" "km_blob_storage" {
+  depends_on = [aws_s3_bucket_ownership_controls.km_blob_storage]
+
+  bucket = aws_s3_bucket.km_blob_storage.id
+  acl    = "private"
+}
+
 resource "aws_s3_bucket" "km_public_blob" {
   bucket = "km-public-blob"
 }