diff --git a/aws_s3_bucket.access_log_bucket.tf b/aws_s3_bucket.access_log_bucket.tf
index 6e8d6d5..1dbc282 100644
--- a/aws_s3_bucket.access_log_bucket.tf
+++ b/aws_s3_bucket.access_log_bucket.tf
@@ -11,10 +11,20 @@ resource "aws_s3_bucket" "access_log_bucket" {
 }
+resource "aws_s3_bucket_ownership_controls" "access_log_bucket" {
+ bucket = aws_s3_bucket.access_log_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
 resource "aws_s3_bucket_acl" "access_log_bucket" {
 bucket = aws_s3_bucket.access_log_bucket.id
 acl = "log-delivery-write"
+ depends_on = [
+ aws_s3_bucket_ownership_controls.access_log_bucket,
+ ]
 }
diff --git a/aws_s3_bucket.session_logs_bucket.tf b/aws_s3_bucket.session_logs_bucket.tf
index f1cd0a2..3b28d08 100644
--- a/aws_s3_bucket.session_logs_bucket.tf
+++ b/aws_s3_bucket.session_logs_bucket.tf
@@ -8,10 +8,20 @@ resource "aws_s3_bucket" "session_logs_bucket" {
 }
+resource "aws_s3_bucket_ownership_controls" "session_logs_bucket" {
+ bucket = aws_s3_bucket.session_logs_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
 resource "aws_s3_bucket_acl" "session_logs_bucket" {
 bucket = aws_s3_bucket.session_logs_bucket.id
 acl = "private"
+ depends_on = [
+ aws_s3_bucket_ownership_controls.session_logs_bucket,
+ ]
 }
diff --git a/main.tf b/main.tf
index 11031a5..7fd3b00 100644
--- a/main.tf
+++ b/main.tf
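Review bot: The new `aws_s3_bucket_ownership_controls` block for `access_log_bucket` keeps ACLs enabled (`BucketOwnerPreferred`) solely so the existing `log-delivery-write` ACL can still be applied, which leaves the bucket open to ACL-based grants in general. S3 server access logging can instead be granted to the `logging.s3.amazonaws.com` service principal through a bucket policy, which allows `object_ownership = "BucketOwnerEnforced"` and removal of the `aws_s3_bucket_acl` resource and its `depends_on`. If the ACL route is kept on purpose, a short comment on the ownership block explaining that `BucketOwnerPreferred` is required by `log-delivery-write` would stop a later reviewer from "hardening" it to enforced and silently breaking log delivery; the `depends_on` ordering itself is correct. Whether a public-access block exists for this bucket is not visible in this hunk and is worth confirming.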
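Review bot: For `session_logs_bucket` the only ACL being set is `private`, which is the default, so enabling ACLs with `BucketOwnerPreferred` buys nothing and leaves ACL grants possible on a bucket holding session transcripts. The stricter and simpler form is `object_ownership = "BucketOwnerEnforced"` with the `aws_s3_bucket_acl.session_logs_bucket` resource (and the new `depends_on`) dropped entirely; under enforced ownership every object is bucket-owned and ACLs are ignored. This assumes session logs are written from the same account as the bucket; if a cross-account writer relies on a specific ACL, that should be stated in a comment on the ownership block.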
@@ -36,13 +36,16 @@ resource "aws_ssm_document" "session_manager_prefs" {
 sessionType = "Standard_Stream"
 inputs = {
 s3BucketName = var.enable_log_to_s3 ? aws_s3_bucket.session_logs_bucket.id : ""
- s3EncryptionEnabled = var.enable_log_to_s3 ? "true" : "false"
+ s3EncryptionEnabled = var.enable_log_to_s3 ? true : false
 cloudWatchLogGroupName = var.enable_log_to_cloudwatch ? aws_cloudwatch_log_group.session_manager_log_group.name : ""
- cloudWatchEncryptionEnabled = var.enable_log_to_cloudwatch ? "true" : "false"
+ cloudWatchEncryptionEnabled = var.enable_log_to_cloudwatch ? true : false
 kmsKeyId = aws_kms_key.ssmkey.key_id
+ idleSessionTimeout = "20"
 shellProfile = {
- linux = var.linux_shell_profile == "" ? var.linux_shell_profile : ""
- windows = var.windows_shell_profile == "" ? var.windows_shell_profile : ""
+ # linux = var.linux_shell_profile == "" ? var.linux_shell_profile : ""
+ # windows = var.windows_shell_profile == "" ? var.windows_shell_profile : ""
+ linux = var.linux_shell_profile == "" ? "" : var.linux_shell_profile
+ windows = var.windows_shell_profile == "" ? "" : var.windows_shell_profile
 }
 }
 })
diff --git a/vpce.tf b/vpce.tf
index 69f35cf..1e68ac4 100644
--- a/vpce.tf
+++ b/vpce.tf
@@ -1,11 +1,14 @@
 locals {
 region = var.vpc_endpoints_enabled && var.vpc_id != null ? split(":", data.aws_vpc.selected[0].arn)[3] : data.aws_region.current.name
- subnets = var.vpc_endpoints_enabled ? var.subnet_ids != [] ? var.subnet_ids : data.aws_subnet_ids.selected[0].ids : []
+ subnets = var.vpc_endpoints_enabled ? var.subnet_ids != [] ? var.subnet_ids : data.aws_subnets.selected[0].ids : []
 }
-data "aws_subnet_ids" "selected" {
+data "aws_subnet" "selected" {
 count = var.vpc_endpoints_enabled ? 1 : 0
- vpc_id = var.vpc_id
+ filter {
+ name = "vpc-id"
+ values = [var.vpc_id]
+ }
 }
 data "aws_route_table" "selected" {
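Review bot: The new `shellProfile` lines leave the two old expressions behind as commented-out code and replace them with ternaries that are identities, since `x == "" ? "" : x` always evaluates to `x`; the hunk should read `linux = var.linux_shell_profile` and `windows = var.windows_shell_profile` with the `#` lines removed. The same applies to `var.enable_log_to_s3 ? true : false`, which is just `var.enable_log_to_s3`. `idleSessionTimeout = "20"` is a hard-coded session-security setting with no variable behind it, so callers cannot tighten it; exposing it through an input variable (placeholder name, e.g. `var.idle_session_timeout`) with a comment noting the value is minutes would be consistent with the other inputs in this document. The enclosing `aws_ssm_document` resource starts before the hunk.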
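Review bot: The data source is renamed to `data "aws_subnet" "selected"` while the `subnets` local on the new side references `data.aws_subnets.selected[0].ids`, so these do not match: `aws_subnet` is the singular data source with an `id` attribute and no `ids`, and `data.aws_subnets.selected` is not declared anywhere in the hunk, so a plan will fail on an undeclared reference. The intended replacement for the removed `aws_subnet_ids` is the plural `data "aws_subnets" "selected" {`, which does expose `ids` and accepts the `vpc-id` filter as written. Separately, `var.subnet_ids != []` compares a typed list against an empty tuple, which in Terraform tends not to behave as an emptiness check; `length(var.subnet_ids) > 0` is the unambiguous form. Note also that filtering on `vpc-id` alone returns every subnet in the VPC, so endpoints may land in public subnets unless the caller passes `var.subnet_ids`; that may be acceptable but deserves a comment on the local.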