diff --git a/ecs.tf b/ecs.tf
index a46615c..c8555a1 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -3,12 +3,11 @@ resource "aws_ecs_cluster" "ecs" {
 depends_on = [aws_autoscaling_group.ecs, aws_ecs_capacity_provider.ecs_capacity_provider]
 
 name = var.name
 
- capacity_providers = ["${var.name}-capacity-provider"]
-
 lifecycle {
 ignore_changes = [
 tags
 ]
 }
-}
\ No newline at end of file
+}
+
diff --git a/s3.tf b/s3.tf
index 58b0d08..ac6b967 100644
--- a/s3.tf
+++ b/s3.tf
@@ -3,13 +3,23 @@ resource "aws_s3_bucket" "vpn" {
 }
 
 resource "aws_s3_bucket_acl" "vpn" {
+ depends_on = [aws_s3_bucket_ownership_controls.vpn]
+
 bucket = aws_s3_bucket.vpn.id
 acl = "private"
 }
 
+resource "aws_s3_bucket_ownership_controls" "vpn" {
+ bucket = aws_s3_bucket.vpn.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
 resource "aws_s3_bucket_policy" "vpn" {
+ count = var.s3_bucket_policy != "" ? 1 : 0
 bucket = aws_s3_bucket.vpn.id
- policy = var.s3_bucket_policy != "" ? var.s3_bucket_policy : null
+ policy = var.s3_bucket_policy
 }
 
 resource "aws_s3_bucket_public_access_block" "vpn" {
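Review bot: `object_ownership = "BucketOwnerPreferred"` in the new `aws_s3_bucket_ownership_controls.vpn` keeps ACLs enabled on the bucket, apparently only so that `aws_s3_bucket_acl.vpn` can still apply `acl = "private"`. Under that setting, an object uploaded by another account without the `bucket-owner-full-control` canned ACL stays owned by the uploader and is not covered by the bucket owner's policy. If nothing relies on ACLs here, `object_ownership = "BucketOwnerEnforced"` with the `aws_s3_bucket_acl` resource removed leaves access governed by the bucket policy and the public access block alone. Separately, `count = var.s3_bucket_policy != "" ? 1 : 0` yields 1 when the variable is null and cannot be planned when the policy string is only known at apply time; the variable's declaration is outside this hunk, so a comment stating that it must be a non-null, plan-time-known string would be worth adding beside it.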