diff --git a/bootstrap/.terraform-version b/bootstrap/.terraform-version
index c24a395..6085e94 100644
--- a/bootstrap/.terraform-version
+++ b/bootstrap/.terraform-version
@@ -1 +1 @@
-0.14.7
+1.2.1
diff --git a/bootstrap/s3_bucket.tf b/bootstrap/s3_bucket.tf
index 828fa8b..7559bd9 100644
--- a/bootstrap/s3_bucket.tf
+++ b/bootstrap/s3_bucket.tf
@@ -1,41 +1,7 @@
 resource "aws_s3_bucket" "bucket" {
- bucket = var.bucket_name
- acl = "private"
-
+ bucket = var.bucket_name
 force_destroy = "false"
- lifecycle_rule {
- prefix = ""
- enabled = "true"
-
- noncurrent_version_transition {
- days = "30"
- storage_class = "STANDARD_IA"
- }
-
- noncurrent_version_transition {
- days = "60"
- storage_class = "GLACIER"
- }
-
- noncurrent_version_expiration {
- days = "90"
- }
- }
-
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- kms_master_key_id = aws_kms_key.s3.arn
- sse_algorithm = "aws:kms"
- }
- }
- }
-
- versioning {
- enabled = "true"
- }
-
 # This does not use default tag map merging because bootstrapping is special
 # You should use default tag map merging elsewhere
 tags = {
diff --git a/bootstrap/s3_bucket_acl.tf b/bootstrap/s3_bucket_acl.tf
new file mode 100644
index 0000000..41658b2
--- /dev/null
+++ b/bootstrap/s3_bucket_acl.tf
@@ -0,0 +1,4 @@
+resource "aws_s3_bucket_acl" "bucket" {
+ bucket = aws_s3_bucket.bucket.id
+ acl = "private"
+}
diff --git a/bootstrap/s3_bucket_lifecycle_configuration.tf b/bootstrap/s3_bucket_lifecycle_configuration.tf
new file mode 100644
index 0000000..33859b4
--- /dev/null
+++ b/bootstrap/s3_bucket_lifecycle_configuration.tf
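Review bot: `acl = "private"` in the new `aws_s3_bucket_acl` resource only sets the bucket's own ACL; it does not prevent a later bucket policy or a per-object ACL from granting public access. No `aws_s3_bucket_public_access_block` appears anywhere in this diff, so unless one is already defined elsewhere in bootstrap/ (not visible here), add one next to this resource with all four settings enabled. That makes the "private" intent enforceable at the bucket level rather than dependent on every future policy change being correct.

```hcl
resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```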
@@ -0,0 +1,27 @@
+resource "aws_s3_bucket_lifecycle_configuration" "bucket" {
+ bucket = aws_s3_bucket.bucket.id
+ expected_bucket_owner = var.aws_account_id
+
+ rule {
+ id = "default"
+ status = "Enabled"
+
+ filter {
+ prefix = ""
+ }
+
+ noncurrent_version_transition {
+ noncurrent_days = "30"
+ storage_class = "STANDARD_IA"
+ }
+
+ noncurrent_version_transition {
+ noncurrent_days = "60"
+ storage_class = "GLACIER"
+ }
+
+ noncurrent_version_expiration {
+ noncurrent_days = "90"
+ }
+ }
+}
diff --git a/bootstrap/s3_bucket_server_side_encryption_configuration.tf b/bootstrap/s3_bucket_server_side_encryption_configuration.tf
new file mode 100644
index 0000000..0352d4c
--- /dev/null
+++ b/bootstrap/s3_bucket_server_side_encryption_configuration.tf
@@ -0,0 +1,10 @@
+resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
+ bucket = aws_s3_bucket.bucket.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ kms_master_key_id = aws_kms_key.s3.arn
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
diff --git a/bootstrap/s3_bucket_versioning.tf b/bootstrap/s3_bucket_versioning.tf
new file mode 100644
index 0000000..80c1ab9
--- /dev/null
+++ b/bootstrap/s3_bucket_versioning.tf
@@ -0,0 +1,7 @@
+resource "aws_s3_bucket_versioning" "bucket" {
+ bucket = aws_s3_bucket.bucket.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
diff --git a/bootstrap/versions.tf b/bootstrap/versions.tf
index 2fa54bc..78f46ee 100644
--- a/bootstrap/versions.tf
+++ b/bootstrap/versions.tf
@@ -2,9 +2,9 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 3.31.0"
+ version = "~> 4.15.1"
 }
 }
- required_version = ">= 0.14.7"
+ required_version = ">= 1.2.1"
 }
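Review bot: Every rule in this `aws_s3_bucket_lifecycle_configuration` acts on noncurrent versions, yet nothing orders the resource after `aws_s3_bucket_versioning.bucket`, which this commit also moves into its own file. On a fresh bootstrap Terraform is free to create the two in either order, so add `depends_on = [aws_s3_bucket_versioning.bucket]` to make sure versioning is enabled before the noncurrent-version rules are applied. The day counts are also still quoted strings (`noncurrent_days = "30"`); plain numbers such as `noncurrent_days = 30` match the attribute's type.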
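Review bot: Only the lifecycle resource sets `expected_bucket_owner = var.aws_account_id`; this encryption resource and the `aws_s3_bucket_acl` and `aws_s3_bucket_versioning` resources added in the same commit leave it out, so the account-ownership check guards one of the four configuration calls. All four resource types accept the argument, so add `expected_bucket_owner = var.aws_account_id` to each for a consistent guard against applying configuration to a same-named bucket owned by another account. This block also references `aws_s3_bucket.bucket.bucket` where the other new files use `aws_s3_bucket.bucket.id`; both resolve to the bucket name, but `bucket = aws_s3_bucket.bucket.id` keeps the files uniform.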