diff --git a/deployments/pipeline-infrastructure.yml b/deployments/pipeline-infrastructure.yml
index ba340f4..f7345c2 100644
--- a/deployments/pipeline-infrastructure.yml
+++ b/deployments/pipeline-infrastructure.yml
@@ -38,7 +38,7 @@ Resources:
               # Allow codepipeline to put artifacts in the S3 bucket
               # as well as get artifacts back out of it.
               - Resource:
-                  - !Sub arn:aws:s3:::${ArtifactBucket}/*
+                  - !Sub arn:aws:s3:::${ArtifactBucket}*
                 Effect: Allow
                 Action:
                   - s3:PutObject
diff --git a/deployments/pipeline-new.yml b/deployments/pipeline-new.yml
index 5d3175e..f4113c5 100644
--- a/deployments/pipeline-new.yml
+++ b/deployments/pipeline-new.yml
@@ -353,7 +353,7 @@ Resources:
                   - s3:GetObject
                   - s3:GetObjectVersion
                   - s3:GetBucketVersioning
-                  - s3:*
+                  - s3:PutObjectAcl
               # Allow codepipeline to build code builds
               - Resource: "*"
                 Effect: Allow
@@ -438,7 +438,6 @@ Resources:
                   - "codepipeline:*"
                   - "events:*"
                   - "ecs:*"
-                  # - "s3:*"
                 Resource: "*"
 
   #-----------------------------------------------------------------------------#