diff --git a/README.md b/README.md
index 2819b77..e1bce4a 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,7 @@ No Modules.
 
 | Name |
 |------|
+| [aws_canonical_user_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id) |
 | [aws_cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) |
 | [aws_route53_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) |
 | [aws_route53_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) |
diff --git a/main.tf b/main.tf
index 0c0a750..73cfb7e 100644
--- a/main.tf
+++ b/main.tf
@@ -79,6 +79,9 @@ resource "aws_s3_bucket" "site_www_redirect" {
 }
 
 # S3 bucket for CloudFront logging
+
+data "aws_canonical_user_id" "current" {}
+
 resource "aws_s3_bucket" "site_cloudfront_logs" {
 bucket = "${var.site_tld}-cloudfront-logs"
 # region = var.site_region
@@ -88,6 +91,12 @@ resource "aws_s3_bucket" "site_cloudfront_logs" {
 type = "CanonicalUser"
 permissions = ["FULL_CONTROL"]
 }
+
+ grant {
+ id = data.aws_canonical_user_id.current.id
+ type = "CanonicalUser"
+ permissions = ["FULL_CONTROL"]
+ }
 }
 
 resource "aws_s3_bucket_public_access_block" "cloudfront_logs_block" {
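Review bot: The comment `# S3 bucket for CloudFront logging` now sits directly above the new `data "aws_canonical_user_id" "current" {}` block rather than the `site_cloudfront_logs` resource it describes. Moving the data source above that comment keeps the label attached to the bucket. The data source could then get its own line, such as `# Canonical user ID of the account Terraform runs in; used for the owner grant on the logs bucket`.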
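Review bot: The added owner `grant` in `site_cloudfront_logs` has no comment saying why it is needed, and a second `FULL_CONTROL` entry on a log bucket is likely to be questioned in a later permissions review. A line above it such as `# Explicit grants replace the default ACL, so the bucket owner is listed to keep control of delivered logs` would record the intent, which is presumably what this change is for. It is also worth confirming that the bucket's Object Ownership setting leaves ACLs enabled, since ACL grants are rejected when ownership is bucket-owner-enforced; no ownership configuration is visible in this hunk. The resource body starts outside the hunk, so the `id` of the first grant cannot be checked from here.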