diff --git a/CHANGELOG.md b/CHANGELOG.md
index 092d0ff..554ffa9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
 ### Changed
 - Changed `k8s` API to work with provider 2.x
 - Changed Terraform `map` to `tomap` to make it work with newer TF provider(The map function was deprecated in Terraform v0.12 and is no longer available).
+- Upgrade AWS provider to `4.x`.
   
 ## [6.19.1] - 2023-08-25
 ### Fixed
diff --git a/ouputs.tf b/ouputs.tf
index 98c5a8e..6dcf41f 100644
--- a/ouputs.tf
+++ b/ouputs.tf
@@ -1,9 +1,9 @@
 output "hms_readonly_load_balancers" {
-  value = var.hms_instance_type == "k8s" && var.enable_vpc_endpoint_services ? kubernetes_service.hms_readonly[0].status.0.load_balancer.0.ingress.0.hostname : []
+  value = var.hms_instance_type == "k8s" && var.enable_vpc_endpoint_services ? [kubernetes_service.hms_readonly[0].status.0.load_balancer.0.ingress.0.hostname] : []
 }
 
 output "hms_readwrite_load_balancers" {
-  value = var.hms_instance_type == "k8s" && var.enable_vpc_endpoint_services ? kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.0.hostname : []
+  value = var.hms_instance_type == "k8s" && var.enable_vpc_endpoint_services ? [kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.0.hostname] : []
 }
 
 output "managed_database_host" {
diff --git a/s3-other.tf b/s3-other.tf
index 8e1a70f..7aa1376 100644
--- a/s3-other.tf
+++ b/s3-other.tf
@@ -93,6 +93,13 @@ resource "aws_s3_bucket_ownership_controls" "apiary_inventory_bucket" {
   }
 }
 
+resource "aws_s3_bucket_acl" "apiary_inventory_bucket" {
+  count  = var.s3_enable_inventory == true ? 1 : 0
+  depends_on = [aws_s3_bucket_ownership_controls.apiary_inventory_bucket[0]]
+  bucket = aws_s3_bucket.apiary_inventory_bucket[0].id
+  acl    = "private"
+}
+
 resource "aws_s3_bucket" "apiary_managed_logs_bucket" {
   count  = local.enable_apiary_s3_log_management ? 1 : 0
   bucket = local.apiary_s3_logs_bucket
diff --git a/s3.tf b/s3.tf
index 528e1f8..61a76d3 100644
--- a/s3.tf
+++ b/s3.tf
@@ -38,7 +38,6 @@ resource "aws_s3_bucket" "apiary_data_bucket" {
     for schema in local.schemas_info : "${schema["schema_name"]}" => schema
   }
   bucket        = each.value["data_bucket"]
-  acl           = "private"
   request_payer = "BucketOwner"
   policy        = local.bucket_policy_map[each.key]
   tags = merge(tomap({"Name"=each.value["data_bucket"]}),
@@ -123,6 +122,14 @@ resource "aws_s3_bucket_ownership_controls" "apiary_bucket" {
   }
 }
 
+resource "aws_s3_bucket_acl" "apiary_data_bucket" {
+  for_each = {
+    for schema in local.schemas_info : "${schema["schema_name"]}" => schema
+  }
+  bucket = aws_s3_bucket.apiary_data_bucket[each.key].id
+  acl    = "private"
+}
+
 resource "aws_s3_bucket_notification" "data_events" {
   for_each = var.enable_data_events ? {
     for schema in local.schemas_info : "${schema["schema_name"]}" => schema if lookup(schema, "enable_data_events_sqs", "0") == "0"
diff --git a/version.tf b/version.tf
index dea5ffd..bc30dbe 100644
--- a/version.tf
+++ b/version.tf
@@ -13,7 +13,7 @@ terraform {
     }
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }