diff --git a/infrastructure/database.tf b/infrastructure/database.tf
index 4c25fe6f3..c279ba721 100644
--- a/infrastructure/database.tf
+++ b/infrastructure/database.tf
@@ -238,6 +238,28 @@ resource "aws_s3_bucket" "reports_bucket" {
 }
 }
+resource "aws_s3_bucket_policy" "reports_bucket" {
+ bucket = var.reports_bucket_name
+ policy = jsonencode({
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ "Sid" : "Require SSL for Requests",
+ "Effect" : "Deny",
+ "Resource" : [
+ "arn:aws:s3:::${var.reports_bucket_name}",
+ "arn:aws:s3:::${var.reports_bucket_name}/*"
+ ],
+ "Condition" : {
+ "Bool" : {
+ "aws:SecureTransport" : "false"
+ }
+ }
+ }
+ ]
+ })
+}
+
 resource "aws_s3_bucket_acl" "reports_bucket" {
 bucket = aws_s3_bucket.reports_bucket.id
 acl = "private"
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 24c4dc334..64a94acb7 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -35,17 +35,20 @@ resource "aws_s3_bucket" "logging_bucket" {
 resource "aws_s3_bucket_policy" "logging_bucket" {
 bucket = aws_s3_bucket.logging_bucket.id
 policy = jsonencode({
- "Sid" : "Require SSL for requests",
- "Effect" : "Deny",
- "Resource" : [
- "arn:aws:s3:::${var.logging_bucket_name}",
- "arn:aws:s3:::${var.logging_bucket_name}/*"
- ],
- "Condition" : {
- "Bool" : {
- "aws:SecureTransport" : "false"
+ "Version" : "2012-10-17",
+ "Statement" : [{
+ "Sid" : "Require SSL for requests",
+ "Effect" : "Deny",
+ "Resource" : [
+ "arn:aws:s3:::${var.logging_bucket_name}",
+ "arn:aws:s3:::${var.logging_bucket_name}/*"
+ ],
+ "Condition" : {
+ "Bool" : {
+ "aws:SecureTransport" : "false"
+ }
 }
- }
+ }]
 })
 }
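Review bot: The Deny statement in the new `aws_s3_bucket_policy.reports_bucket` has neither a `Principal` nor an `Action` element, and S3 requires both in a bucket-policy statement. The apply is therefore likely to be rejected as a malformed policy, leaving the TLS-only requirement unenforced. The rewritten statement in `aws_s3_bucket_policy.logging_bucket` in main.tf has the same gap. Adding `"Principal" : "*",` and `"Action" : "s3:*",` next to `"Effect" : "Deny"` in both statements would fix it. Separately, `bucket = var.reports_bucket_name` gives Terraform no dependency on the bucket resource, unlike the ACL resource just below, so `bucket = aws_s3_bucket.reports_bucket.id` would order the policy after bucket creation.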
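Review bot: The `Resource` ARNs in the wrapped statement are still interpolated from `var.logging_bucket_name`, while the policy is attached through `aws_s3_bucket.logging_bucket.id`. The bucket resource body is outside this hunk, so it is not visible whether its name always equals that variable; if the two ever diverge, S3 is expected to reject the policy because its resources do not belong to the bucket. Deriving the ARNs from the resource keeps them tied together: `aws_s3_bucket.logging_bucket.arn,` and `"${aws_s3_bucket.logging_bucket.arn}/*"`.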