diff --git a/modules/s3-archive-bucket/README.md b/modules/s3-archive-bucket/README.md
index 9ac7153..59580b3 100644
--- a/modules/s3-archive-bucket/README.md
+++ b/modules/s3-archive-bucket/README.md
@@ -83,7 +83,7 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
 | <a name="input_tls_required"></a> [tls\_required](#input\_tls\_required) | (Optional) Deny any access to the S3 bucket that is not encrypted in-transit if true. | `bool` | `true` | no |
 | <a name="input_transfer_acceleration_enabled"></a> [transfer\_acceleration\_enabled](#input\_transfer\_acceleration\_enabled) | (Optional) Whether to use an accelerated endpoint for faster data transfers. | `bool` | `false` | no |
-| <a name="input_versioning_mfa_deletion"></a> [versioning\_mfa\_deletion](#input\_versioning\_mfa\_deletion) | (Optional) A configuration for MFA (Multi-factors Authentication) of the bucket versioning on deletion. `versioning_mfa_deletion` block as defined below.<br>    (Required) `enabled` - Whether MFA delete is enabled in the bucket versioning configuration. Default is `false`.<br>    (Required) `device` - The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. | <pre>object({<br>    enabled = bool<br>    device  = string<br>  })</pre> | <pre>{<br>  "device": null,<br>  "enabled": false<br>}</pre> | no |
+| <a name="input_versioning_mfa_deletion"></a> [versioning\_mfa\_deletion](#input\_versioning\_mfa\_deletion) | (Optional) A configuration for MFA (Multi-factors Authentication) of the bucket versioning on deletion. `versioning_mfa_deletion` block as defined below.<br>    (Required) `enabled` - Whether MFA delete is enabled in the bucket versioning configuration. Default is `false`.<br>    (Required) `device` - The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. | <pre>object({<br>    enabled = bool<br>    device  = string<br>  })</pre> | `null` | no |
 | <a name="input_versioning_status"></a> [versioning\_status](#input\_versioning\_status) | (Optional) A desired status of the bucket versioning. Valid values are `ENABLED`, `SUSPENDED`, or `DISABLED`. Disabled should only be used when creating or importing resources that correspond to unversioned S3 buckets. | `string` | `"DISABLED"` | no |
 
 ## Outputs
diff --git a/modules/s3-archive-bucket/lifecycle.tf b/modules/s3-archive-bucket/lifecycle.tf
index db939d5..3320ea1 100644
--- a/modules/s3-archive-bucket/lifecycle.tf
+++ b/modules/s3-archive-bucket/lifecycle.tf
@@ -24,7 +24,7 @@ resource "aws_s3_bucket_versioning" "this" {
 
   versioning_configuration {
     status     = local.versioning_mfa_status[var.versioning_status]
-    mfa_delete = try(var.versioning_mfa_deletion.enabled, false) ? "Enabled" : "Disabled"
+    mfa_delete = try(var.versioning_mfa_deletion.enabled ? "Enabled" : "Disabled", null)
   }
 }
 
diff --git a/modules/s3-archive-bucket/variables.tf b/modules/s3-archive-bucket/variables.tf
index 21e3a16..a4141e3 100644
--- a/modules/s3-archive-bucket/variables.tf
+++ b/modules/s3-archive-bucket/variables.tf
@@ -39,11 +39,7 @@ variable "versioning_mfa_deletion" {
     enabled = bool
     device  = string
   })
-  default = {
-    enabled = false
-    device  = null
-  }
-  nullable = false
+  default = null
 }
 
 variable "grants" {