diff --git a/infrastructure/sandbox/SharedInfrastructure/s3.tf b/infrastructure/sandbox/SharedInfrastructure/s3.tf
index ec0d79fc18..8f8708fc3e 100644
--- a/infrastructure/sandbox/SharedInfrastructure/s3.tf
+++ b/infrastructure/sandbox/SharedInfrastructure/s3.tf
@@ -1,13 +1,5 @@
 resource "aws_s3_bucket" "installers" {
   bucket = "${var.prefix}-installers"
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        kms_master_key_id = var.kms_key.arn
-        sse_algorithm     = "aws:kms"
-      }
-    }
-  }
 }
 
 resource "aws_s3_bucket_public_access_block" "installers" {
@@ -17,6 +9,17 @@ resource "aws_s3_bucket_public_access_block" "installers" {
   block_public_policy = true
 }
 
+resource "aws_s3_bucket_server_side_encryption_configuration" "installers" {
+  bucket = aws_s3_bucket.installers.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      kms_master_key_id = var.kms_key.arn
+      sse_algorithm     = "aws:kms"
+    }
+  }
+}
+
 output "installer_bucket" {
   value = aws_s3_bucket.installers
 }