diff --git a/modules/terraform-setup/main.tf b/modules/terraform-setup/main.tf
index 488342d..3f3cac5 100644
--- a/modules/terraform-setup/main.tf
+++ b/modules/terraform-setup/main.tf
@@ -4,17 +4,17 @@ resource "aws_s3_bucket" "s3bucket" {
 resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {
 depends_on = [aws_s3_bucket.s3bucket]
- bucket = aws_s3_bucket.s3bucket.id
+ bucket = aws_s3_bucket.s3bucket.id
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
 restrict_public_buckets = true
 }
 resource "aws_s3_bucket_ownership_controls" "bucket-ownership-setting" {
 depends_on = [aws_s3_bucket_public_access_block.s3-public-access-settings]
- bucket = aws_s3_bucket.s3bucket.id
+ bucket = aws_s3_bucket.s3bucket.id
 rule {
 object_ownership = "BucketOwnerPreferred"
@@ -27,7 +27,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "bucket-lifecycle-config" {
 bucket = aws_s3_bucket.s3bucket.bucket
 rule {
- id = "default"
+ id = "default"
 status = "Enabled"
 dynamic "noncurrent_version_expiration" {
@@ -52,7 +52,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "bucket-lifecycle-config" {
 }
 resource "aws_s3_bucket_versioning" "bucket-versioning" {
- count = var.enable-bucket-versioning ? 1 : 0
+ count = var.enable-bucket-versioning ? 1 : 0
 bucket = aws_s3_bucket.s3bucket.id
 versioning_configuration {
 status = "Enabled"
@@ -63,7 +63,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket-encryption
 bucket = aws_s3_bucket.s3bucket.bucket
 rule {
 apply_server_side_encryption_by_default {
- sse_algorithm = "AES256"
+ sse_algorithm = "AES256"
 }
 }
 }
@@ -86,13 +86,25 @@ resource "aws_s3_bucket_policy" "bucket-policy" {
 "Effect": "Allow",
 "Resource": [
 "arn:aws:s3:::${var.bucket-name}/*",
- "arn:aws:s3:::${var.bucket-name}-tfstate"
+ "arn:aws:s3:::${var.bucket-name}"
 ],
 "Principal": {
 "AWS": [
 "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"
 ]
 }
+ },
+ {
+ "Sid": "AllowSSLRequestsOnly",
+ "Action": "s3:*",
+ "Effect": "Deny",
+ "Resource": "arn:aws:s3:::${var.bucket-name}/*",
+ "Condition": {
+ "Bool": {
+ "aws:SecureTransport": "false"
+ }
+ },
+ "Principal": "*"
 }
 ]
 }
@@ -100,9 +112,9 @@ EOT
 }
 resource "aws_dynamodb_table" "tfstate-lock-table" {
- name = var.ddb-table-name
- billing_mode = "PAY_PER_REQUEST"
- hash_key = "LockID"
+ name = var.ddb-table-name
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
 point_in_time_recovery {
 enabled = true
 }
@@ -116,4 +128,4 @@ resource "aws_dynamodb_table" "tfstate-lock-table" {
 }
 }
-data aws_caller_identity this {}
+data "aws_caller_identity" "this" {}
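Review bot: The new AllowSSLRequestsOnly Deny statement lists only the object ARN `arn:aws:s3:::${var.bucket-name}/*`, so bucket-level calls such as s3:ListBucket or s3:GetBucketPolicy made without TLS are not denied and the transport enforcement is incomplete. The statement should name the bucket itself as well, i.e. `"Resource": ["arn:aws:s3:::${var.bucket-name}", "arn:aws:s3:::${var.bucket-name}/*"],`, mirroring the bucket/object pair the Allow statement above uses after this commit's correction of the bucket ARN. The policy heredoc and the enclosing aws_s3_bucket_policy resource begin before this hunk, so I cannot confirm there is no other statement covering the bucket ARN. The other two hunks in this file are attribute alignment and label quoting and need nothing.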