diff --git a/examples/baseline-resources/README.md b/examples/baseline-resources/README.md
index 473c29e..b5137ae 100644
--- a/examples/baseline-resources/README.md
+++ b/examples/baseline-resources/README.md
@@ -4,4 +4,6 @@
 - create cloudtrail
 - enable aws config in all region
 - enable guardduty
-- enable securityhub
\ No newline at end of file
+- enable securityhub
+- disable s3 public access
+- require EBS encryption
\ No newline at end of file
diff --git a/examples/baseline-resources/main.tf b/examples/baseline-resources/main.tf
index 9db6c6a..03daade 100644
--- a/examples/baseline-resources/main.tf
+++ b/examples/baseline-resources/main.tf
@@ -35,4 +35,9 @@ module "enable-guardduty" {
 module "enable-securityhub" {
   # enable security hub
   source = "../../modules/security_identity_compliance/security_hub"
+}
+
+module "default-account-settings" {
+  # other default account settings
+  source = "../../modules/security_identity_compliance/other-default-settings"
 }
\ No newline at end of file
diff --git a/modules/security_identity_compliance/other-default-settings/main.tf b/modules/security_identity_compliance/other-default-settings/main.tf
new file mode 100644
index 0000000..dc43c0b
--- /dev/null
+++ b/modules/security_identity_compliance/other-default-settings/main.tf
@@ -0,0 +1,12 @@
+resource "aws_s3_account_public_access_block" "default-s3-public-access-settings" {
+  block_public_acls = true
+  block_public_policy = true
+  ignore_public_acls = true
+  restrict_public_buckets = true
+  lifecycle { ignore_changes = all }
+}
+
+resource "aws_ebs_encryption_by_default" "default-ebs-encryption-setting" {
+  enabled = true
+  lifecycle { ignore_changes = all }
+}
\ No newline at end of file
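Review bot: The comment on the new `default-account-settings` module call, `# other default account settings`, tells a reader nothing about what the baseline now enforces, unlike the sibling `# enable security hub`; I would replace it with `# account-level S3 public access block and EBS encryption-by-default`. The module directory is also named `other-default-settings` while its siblings in the same tree use underscores (`security_hub`), which is worth aligning before more callers reference the path. The example file's other module blocks sit outside this hunk.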
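Review bot: `lifecycle { ignore_changes = all }` on both new resources means that once the account public access block or EBS encryption-by-default is applied, any later manual change (for example someone clearing `block_public_policy` or turning default encryption off in the console) produces no diff in `terraform plan`, so the baseline silently stops holding without anyone noticing. For a security baseline the resources should keep managing their arguments so drift is surfaced and reverted on the next apply; I would drop the `lifecycle { ignore_changes = all }` line from both resources, or, if it is deliberately there to avoid fighting another tool, say so in a comment such as `# NOTE: drift is intentionally not reverted here; detect it via AWS Config instead`. Separately, EBS encryption-by-default is a per-region setting, so this resource only covers the region of the provider the module is called with; given the README's "enable aws config in all region" item, a comment or a per-region provider alias is presumably needed if the intent is account-wide coverage.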