diff --git a/terraform/state.tf b/terraform/state.tf
index ecd224e..e630c32 100644
--- a/terraform/state.tf
+++ b/terraform/state.tf
@@ -4,20 +4,42 @@ resource "aws_iam_user" "terraform" {
 resource "aws_s3_bucket" "tfstate" {
 bucket = "0rng-terraform"
- acl = "private"
+}
- versioning {
- enabled = true
+resource "aws_s3_bucket_versioning" "tfstate" {
+ bucket = aws_s3_bucket.tfstate.id
+
+ versioning_configuration {
+ status = "Enabled"
 }
+}
- lifecycle_rule {
- enabled = true
+resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
+ bucket = aws_s3_bucket.tfstate.bucket
- noncurrent_version_expiration {
- days = 10
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
 }
 }
+}
+resource "aws_s3_bucket_lifecycle_configuration" "tfstate" {
+ bucket = aws_s3_bucket.tfstate.id
+
+ rule {
+ id = "Delete old non-current versions"
+ status = "Enabled"
+
+ noncurrent_version_expiration {
+ noncurrent_days = 30
+ }
+ }
+}
+
+resource "aws_s3_bucket_acl" "tfstate" {
+ bucket = aws_s3_bucket.tfstate.id
+ acl = "private"
 }
 resource "aws_iam_user_policy" "modify-terraform-user" {
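Review bot: The only exposure guard on the state bucket in this hunk is the new `aws_s3_bucket_acl` resource with `acl = "private"`, which does not stop a later bucket policy or object ACL from making state objects public. Nothing visible here adds an `aws_s3_bucket_public_access_block`, though one may exist outside the hunk or be enforced at account level. Terraform state commonly holds secrets in plaintext, so I would add the block below next to the ACL resource. The encryption resource references `aws_s3_bucket.tfstate.bucket` while the other three new resources use `.id`; using `.id` there too keeps them consistent. If access to state should be controllable and auditable per key, `sse_algorithm = "aws:kms"` with a customer-managed key is worth considering over `AES256`.

```hcl
# … unchanged: aws_s3_bucket_acl "tfstate" …

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```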