diff --git a/examples/aws/terraform/ha-autoscale-cluster/s3.tf b/examples/aws/terraform/ha-autoscale-cluster/s3.tf
index 1880b7cf10541..ac406fecad7e9 100644
--- a/examples/aws/terraform/ha-autoscale-cluster/s3.tf
+++ b/examples/aws/terraform/ha-autoscale-cluster/s3.tf
@@ -7,8 +7,9 @@ resource "aws_s3_bucket" "certs" {
 }
 
 resource "aws_s3_bucket_acl" "certs" {
-  bucket = aws_s3_bucket.certs.bucket
-  acl    = "private"
+  depends_on = [aws_s3_bucket_ownership_controls.certs]
+  bucket     = aws_s3_bucket.certs.bucket
+  acl        = "private"
 }
 
 // For demo purposes, CMK is not needed
@@ -23,6 +24,14 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "certs" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "certs" {
+  bucket = aws_s3_bucket.certs.id
+
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket_versioning" "certs" {
   bucket = aws_s3_bucket.certs.bucket