diff --git a/CHANGELOG.md b/CHANGELOG.md
index 203861b..dee3fd1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -136,3 +136,7 @@
 * v1.14.1 -- 20211126
 - cloudltrail
 - make multi-region default for org cloudtrail
+
+* v1.14.2 -- 20220118
+ - s3-access-logs
+ - set bucket owner to BucketOwnerEnforced
diff --git a/common/version.tf b/common/version.tf
index 746360c..c0d1fff 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.14.1"
+ _module_version = "1.14.2"
 }
diff --git a/s3-access-logs/README.md b/s3-access-logs/README.md
index 0ac9c67..ee504ea 100644
--- a/s3-access-logs/README.md
+++ b/s3-access-logs/README.md
@@ -59,6 +59,7 @@ No modules.
 |------|------|
 | [aws_s3_bucket.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_object.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource |
+| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
diff --git a/s3-access-logs/main.tf b/s3-access-logs/main.tf
index 9c116a5..a4a4c2d 100644
--- a/s3-access-logs/main.tf
+++ b/s3-access-logs/main.tf
@@ -133,3 +133,16 @@ resource "null_resource" "policy_delay" {
 command = "sleep 120"
 }
 }
+
+#---
+# set ownership controls
+# see documentation:
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls
+#
+resource "aws_s3_bucket_ownership_controls" "this" {
+ bucket = aws_s3_bucket.this.id
+
+ rule {
+ object_ownership = "BucketOwnerEnforced"
+ }
+}
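Review bot: `bucket = aws_s3_bucket.this.id` in the new `aws_s3_bucket_ownership_controls.this` resource refers to a bucket named `this`, but the README table updated in this same commit lists the module's bucket as `aws_s3_bucket.logs` (its policy and public access block are `.logs` too). Unless main.tf declares `aws_s3_bucket.this` outside this hunk, `terraform validate` will fail on an undeclared resource, so the line should probably read `bucket = aws_s3_bucket.logs.id`. Separately, `BucketOwnerEnforced` disables ACLs, so if this log bucket still relies on an ACL grant such as `log-delivery-write`, the apply may be rejected or access-log delivery may stop. The bucket policy is not visible here; confirm that it allows the `logging.s3.amazonaws.com` service principal to `s3:PutObject`, and consider adding `depends_on = [aws_s3_bucket_policy.logs]` so ACLs are only turned off after that policy exists. A gap in access-log delivery is a loss of audit evidence, so it is worth confirming after the apply that new log objects still arrive.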