diff --git a/templates/git2s3.template.yaml b/templates/git2s3.template.yaml
index 35594de..bdb4b77 100644
--- a/templates/git2s3.template.yaml
+++ b/templates/git2s3.template.yaml
@@ -140,6 +140,15 @@ Resources:
     Type: AWS::S3::Bucket
     Properties:
       Tags: []
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
 
@@ -263,6 +272,15 @@ Resources:
     Type: AWS::S3::Bucket
     Properties:
       Tags: []
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
 
@@ -273,6 +291,15 @@ Resources:
         - AutoGenOutputBucketName
         - !Ref 'OutputBucketName'
         - !Ref 'AWS::NoValue'
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
       Tags: []