diff --git a/modules/aws-exfiltration-protection/s3.tf b/modules/aws-exfiltration-protection/s3.tf
index 0695445d..5b1c281d 100644
--- a/modules/aws-exfiltration-protection/s3.tf
+++ b/modules/aws-exfiltration-protection/s3.tf
@@ -13,6 +13,13 @@ resource "aws_s3_bucket_versioning" "versioning" {
 }
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+ bucket = aws_s3_bucket.root_storage_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
 resource "aws_s3_bucket_acl" "acl" {
 bucket = aws_s3_bucket.root_storage_bucket.id
 acl = "private"
diff --git a/modules/aws-workspace-basic/main.tf b/modules/aws-workspace-basic/main.tf
index 58715299..9b3b1a5c 100644
--- a/modules/aws-workspace-basic/main.tf
+++ b/modules/aws-workspace-basic/main.tf
@@ -5,5 +5,5 @@ resource "random_string" "naming" {
 }
 
 locals {
- prefix = "demo${random_string.naming.result}"
-}
\ No newline at end of file
+ prefix = var.prefix != "" ? var.prefix : "demo${random_string.naming.result}"
+}
diff --git a/modules/aws-workspace-basic/s3.tf b/modules/aws-workspace-basic/s3.tf
index 75443b0a..bf2a11d7 100644
--- a/modules/aws-workspace-basic/s3.tf
+++ b/modules/aws-workspace-basic/s3.tf
@@ -13,6 +13,13 @@ resource "aws_s3_bucket_versioning" "versioning" {
 }
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+ bucket = aws_s3_bucket.root_storage_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
 resource "aws_s3_bucket_acl" "acl" {
 bucket = aws_s3_bucket.root_storage_bucket.id
 acl = "private"
diff --git a/modules/aws-workspace-basic/variables.tf b/modules/aws-workspace-basic/variables.tf
index e4ece788..c6d99732 100644
--- a/modules/aws-workspace-basic/variables.tf
+++ b/modules/aws-workspace-basic/variables.tf
@@ -10,4 +10,9 @@ variable "cidr_block" {
 
 variable "region" {
 default = "eu-west-1"
+}
+
+variable "prefix" {
+ default = null
+ description = "Default value is demo"
 }
\ No newline at end of file
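Review bot: `aws_s3_bucket_acl.acl`, directly below the new `aws_s3_bucket_ownership_controls.state`, has no explicit dependency on it, and both reference only the bucket id, so Terraform is free to apply them in parallel; on buckets created with ACLs disabled by default the ACL call can then be rejected. Add `depends_on = [aws_s3_bucket_ownership_controls.state]` to the ACL resource, whose body continues outside the hunk. The same applies to the identical hunks in modules/aws-workspace-basic/s3.tf and modules/aws-workspace-with-firewall/s3.tf, where the ACL resource is `aws_s3_bucket_acl.root_storage_bucket`. Since the only ACL ever set is `private`, it is also worth checking whether `object_ownership = "BucketOwnerEnforced"` with the ACL resource removed would work for this bucket, which keeps ACLs disabled altogether. The label `state` looks carried over from a state-bucket example; `root_storage_bucket` would match the neighbouring resources.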
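Review bot: The new `local.prefix` expression in modules/aws-workspace-basic/main.tf tests `var.prefix != ""`, but the variable added in variables.tf defaults to `null`; `null != ""` is true, so with the default the local evaluates to `null` rather than the `demo…` fallback. `prefix = coalesce(var.prefix, "demo${random_string.naming.result}")` handles both null and the empty string; alternatively set `default = ""` on the variable. The `locals` block is fully inside the hunk, so the one-line change is sufficient.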
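Review bot: The `prefix` variable in modules/aws-workspace-basic/variables.tf declares no `type`, and its description "Default value is demo" does not match the fallback in main.tf, which is `demo` followed by a random string. Suggest adding `type = string` and `description = "Prefix for resource names; when unset, \"demo\" plus a random suffix is used"`. If the prefix ends up in the S3 bucket name (not visible in this hunk), a `validation` block limiting it to lowercase letters, digits and hyphens would reject unusable values at plan time.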
diff --git a/modules/aws-workspace-with-firewall/s3.tf b/modules/aws-workspace-with-firewall/s3.tf
index 55c63764..aaf43130 100644
--- a/modules/aws-workspace-with-firewall/s3.tf
+++ b/modules/aws-workspace-with-firewall/s3.tf
@@ -30,6 +30,13 @@ resource "aws_s3_bucket_policy" "root_bucket_policy" {
 depends_on = [aws_s3_bucket_public_access_block.root_storage_bucket]
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+ bucket = aws_s3_bucket.root_storage_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
 resource "aws_s3_bucket_acl" "root_storage_bucket" {
 bucket = aws_s3_bucket.root_storage_bucket.id
 acl = "private"