diff --git a/infrastructure/terraform/modules/s3bucket/README.md b/infrastructure/terraform/modules/s3bucket/README.md
index 4cc9015..8e0e793 100644
--- a/infrastructure/terraform/modules/s3bucket/README.md
+++ b/infrastructure/terraform/modules/s3bucket/README.md
@@ -18,6 +18,7 @@
| [bucket\_notification\_depends\_on](#input\_bucket\_notification\_depends\_on) | Bucket notification explicit dependencies for depends\_on meta | `list(any)` | `[]` | no |
| [component](#input\_component) | The name of the tfscaffold component | `string` | n/a | yes |
| [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
+| [enable\_abac](#input\_enable\_abac) | Toggle for enabling ABAC on the bucket. Defaults to false | `bool` | `false` | no |
| [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
| [force\_destroy](#input\_force\_destroy) | Boolean to toggle force destroy of bucket. Defaults to true; should be changed in exceptional circumstances | `bool` | `true` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | ARN of default encryption KMS key for this bucket. If omitted, will use AES256 | `string` | `null` | no |
diff --git a/infrastructure/terraform/modules/s3bucket/s3_bucket_abac.tf b/infrastructure/terraform/modules/s3bucket/s3_bucket_abac.tf
new file mode 100644
index 0000000..fac8d8f
--- /dev/null
+++ b/infrastructure/terraform/modules/s3bucket/s3_bucket_abac.tf
@@ -0,0 +1,8 @@
+resource "aws_s3_bucket_abac" "main" {
+ count = var.enable_abac ? 1 : 0
+ bucket = aws_s3_bucket.main.bucket
+
+ abac_status {
+ status = "Enabled"
+ }
+}
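Review bot: Switching the bucket to ABAC makes its tags part of the authorization decision, so any principal allowed `s3:PutObjectTagging` (or bucket tagging) on this bucket can influence who may access its data, and the new resource carries no comment saying so. I'd add above the resource: `# Enabling ABAC makes bucket/object tags authorization-relevant; review who can set tags on this bucket before turning this on.` Two things worth confirming that the diff does not show: whether setting `enable_abac` back to `false` (count 0, resource destroyed) actually returns the bucket to ABAC disabled or whether an explicit `status = "Disabled"` is needed for that, and that the module's provider version constraint is high enough for `aws_s3_bucket_abac` to exist.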
diff --git a/infrastructure/terraform/modules/s3bucket/variables.tf b/infrastructure/terraform/modules/s3bucket/variables.tf
index e61fb77..7aeeb60 100644
--- a/infrastructure/terraform/modules/s3bucket/variables.tf
+++ b/infrastructure/terraform/modules/s3bucket/variables.tf
@@ -129,3 +129,9 @@ variable "object_ownership" {
description = "Ownership of objects written to the bucket"
default = "BucketOwnerEnforced"
}
+
+variable "enable_abac" {
+ type = bool
+ description = "Toggle for enabling ABAC on the bucket. Defaults to false"
+ default = false
+}
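Review bot: The description of the new `enable_abac` variable does not say what the toggle changes for callers of the module, which matters because it alters how access to the bucket is evaluated. I'd expand it to `description = "Enable attribute-based access control (ABAC) on the bucket, making object tags authorization-relevant. Defaults to false"` and mirror the same wording in the README row.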