diff --git a/main.tf b/main.tf
index 29f180e..69caa1a 100644
--- a/main.tf
+++ b/main.tf
@@ -37,10 +37,11 @@ resource "random_password" "token" {
 }
 module "statestore" {
- source = "./modules/statestore"
- name = local.uname
- token = random_password.token.result
- tags = merge(local.default_tags, var.tags)
+ source = "./modules/statestore"
+ name = local.uname
+ create_acl = var.create_acl
+ token = random_password.token.result
+ tags = merge(local.default_tags, var.tags)
 attach_deny_insecure_transport_policy = var.statestore_attach_deny_insecure_transport_policy
 }
diff --git a/modules/statestore/main.tf b/modules/statestore/main.tf
index 59128ad..44b9707 100644
--- a/modules/statestore/main.tf
+++ b/modules/statestore/main.tf
@@ -18,6 +18,7 @@ resource "aws_s3_bucket_ownership_controls" "bucket_ownership_controls" {
 }
 resource "aws_s3_bucket_acl" "acl" {
+ count = var.create_acl ? 1 : 0
 bucket = aws_s3_bucket.bucket.id
 acl = "private"
diff --git a/modules/statestore/variables.tf b/modules/statestore/variables.tf
index 3e5cebe..ce3e68d 100644
--- a/modules/statestore/variables.tf
+++ b/modules/statestore/variables.tf
@@ -14,3 +14,8 @@ variable "tags" {
 variable "attach_deny_insecure_transport_policy" {
 type = bool
 }
+
+variable "create_acl" {
+ type = bool
+ default = true
+}
diff --git a/variables.tf b/variables.tf
index a29f340..c41412b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -230,3 +230,9 @@ variable "statestore_attach_deny_insecure_transport_policy" {
 type = bool
 default = true
 }
+
+variable "create_acl" {
+ description = "Toggle creation of ACL for statestore bucket"
+ type = bool
+ default = true
+}
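Review bot: With `create_acl = false`, the `count` line added to `aws_s3_bucket_acl.acl` in modules/statestore/main.tf removes the only setting visible in this hunk that pins the bucket to `private`. The root module passes `random_password.token.result` into this module, so the bucket presumably stores the cluster join token. The `aws_s3_bucket_ownership_controls` resource above stays unconditional; its rule is outside the hunk, but if it leaves ACLs enabled the bucket then relies on account defaults alone. I would put a comment on the new line, `# Set false only when Object Ownership is BucketOwnerEnforced (ACLs disabled); the bucket must stay non-public.`, and, if the module does not already define one, add an unconditional public access block as sketched below (the resource name is a placeholder). The `aws_s3_bucket_acl` body continues past the end of the hunk.

```hcl
# Keeps the statestore bucket non-public whether or not the ACL resource is created.
resource "aws_s3_bucket_public_access_block" "statestore" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```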
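Review bot: The `create_acl` variable added in modules/statestore/variables.tf has no `description`, so a reader of the module cannot tell what turning it off means for the bucket. The neighbouring `attach_deny_insecure_transport_policy` shows none in the visible context either, but a toggle that removes an access-control resource deserves one. Suggest `description = "Create the private ACL on the statestore bucket; set false only when ACLs are disabled on the bucket"`.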
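Review bot: The root-level variable in variables.tf is named `create_acl`, while the statestore toggle directly above it is `statestore_attach_deny_insecure_transport_policy`; at the root nothing in the bare name says which bucket's ACL it controls. Consider `variable "statestore_create_acl"` here and `create_acl = var.statestore_create_acl` in the main.tf hunk. The description could also state when `false` is appropriate, for example `"Create the private ACL on the statestore bucket. Set to false when the bucket's Object Ownership is BucketOwnerEnforced, where ACL calls are rejected."`.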