diff --git a/s3.tf b/s3.tf
index 9214d7a..bace68c 100644
--- a/s3.tf
+++ b/s3.tf
@@ -4,15 +4,18 @@
 resource "aws_s3_bucket" "vault_data" {
   bucket_prefix = "${var.main_project_tag}-"
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+  tags = merge({ "Project" = var.main_project_tag })
+}
+
+## S3 Server-side bucket encryption
+resource "aws_s3_bucket_server_side_encryption_configuration" "vault_data_sse" {
+  bucket = aws_s3_bucket.vault_data.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
     }
   }
-
-  tags = merge({ "Project" = var.main_project_tag })
 }
 
 ## S3 Bucket Public Access Block