diff --git a/main.tf b/main.tf
index 1a1d833..485daaa 100644
--- a/main.tf
+++ b/main.tf
@@ -99,6 +99,23 @@ data "aws_iam_policy_document" "this" {
 }
 }
+#---
+# apply policy to bucket and public access block policy to bucket
+#---
+resource "aws_s3_bucket_policy" "policy" {
+bucket = aws_s3_bucket.this.bucket
+policy = data.aws_iam_policy_document.this.json
+depends_on = [null_resource.policy_delay]
+}
+
+resource "aws_s3_bucket_public_access_block" "this" {
+bucket = aws_s3_bucket.this.id
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
+
 resource "null_resource" "s3_create_wait" {
 triggers = {
 bucket = aws_s3_bucket.this.id