diff --git a/CHANGELOG.md b/CHANGELOG.md
index f16d0e9..5e31bb6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -101,3 +101,7 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.0.2 -- 2022-03-25
   - common/resource.tf
     - do not create aws_s3_bucket_acl if bucket_owner is set to enforced
+
+* 3.0.3 -- 2022-03-25
+  - common/resource.tf
+    - add back in acl, service_side_encryption, logging, versiong as they do not appear to work in govcloud
diff --git a/common/resources.tf b/common/resources.tf
index 0f75fdf..ffc5f27 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -49,28 +49,32 @@ locals {
 #---
 resource "aws_s3_bucket" "this" {
   bucket = local.bucket_name
-  ##  acl           = "private"
+  # remove (acl) when separate resources work
+  acl           = "private"
   force_destroy = var.force_destroy
 
-  ##   server_side_encryption_configuration {
-  ##     rule {
-  ##       apply_server_side_encryption_by_default {
-  ##         #        kms_master_key_id = aws_kms_key.key.arn
-  ##         kms_master_key_id = local.kms_key_arn
-  ##         sse_algorithm     = "aws:kms"
-  ##       }
-  ##       bucket_key_enabled = var.bucket_key_enabled
-  ##     }
-  ##   }
+  # remove (server_side_encryption_configuration) when separate resources work
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        #        kms_master_key_id = aws_kms_key.key.arn
+        kms_master_key_id = local.kms_key_arn
+        sse_algorithm     = "aws:kms"
+      }
+      bucket_key_enabled = var.bucket_key_enabled
+    }
+  }
 
-  ##   versioning {
-  ##     enabled = local.versioning
-  ##   }
+  # remove (versioning) when separate resources work
+  versioning {
+    enabled = local.versioning
+  }
 
-  ##   logging {
-  ##     target_bucket = var.access_log_bucket
-  ##     target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
-  ##   }
+  # remove (logging) when separate resources work
+  logging {
+    target_bucket = var.access_log_bucket
+    target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+  }
 
   lifecycle {
     prevent_destroy = false
diff --git a/common/version.tf b/common/version.tf
index 29bbea6..61746cc 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.0.2"
+  _module_version = "3.0.3"
 }