diff --git a/modules/infrastructure/main.tf b/modules/infrastructure/main.tf
index 2767415..0858f81 100644
--- a/modules/infrastructure/main.tf
+++ b/modules/infrastructure/main.tf
@@ -31,7 +31,8 @@ terraform {
 locals {
 services_auth = {for key, val in var.services : key => val if val.auth}
 services_database = {for key, val in var.services : key => val if val.database}
- services_s3 = {for key, val in var.services : key => val if val.s3}
+ services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if val.s3}
+ buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
 hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
 }
diff --git a/modules/infrastructure/output.tf b/modules/infrastructure/output.tf
index 3307db5..be18002 100644
--- a/modules/infrastructure/output.tf
+++ b/modules/infrastructure/output.tf
@@ -51,9 +51,9 @@ output "healthchecksio" {
 output "scaleway_data" {
 value = {
- for key in keys(scaleway_iam_application.service_applications) : key => {
- "access_key" = scaleway_iam_api_key.service_keys[key].access_key
- "secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
+ for key, val in local.buckets_s3 : key => {
+ "access_key" = scaleway_iam_api_key.service_keys[val].access_key
+ "secret_key" = scaleway_iam_api_key.service_keys[val].secret_key
 "name" = scaleway_object_bucket.service_buckets[key].name
 "region" = scaleway_object_bucket.service_buckets[key].region
 "endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
diff --git a/modules/infrastructure/scaleway.tf b/modules/infrastructure/scaleway.tf
index f017a11..6b823c1 100644
--- a/modules/infrastructure/scaleway.tf
+++ b/modules/infrastructure/scaleway.tf
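Review bot: In `modules/infrastructure/main.tf`, `buckets_s3` is built with `merge(...)`, which keeps only the last value when two maps share a key, so a bucket name claimed by two services (or one that equals another service's default `[key]`) is silently assigned to whichever service merges last. That mapping then selects the application used as principal next to `Action = "*"` in the `scaleway.tf` bucket policy and the key pair exported for the bucket in `output.tf`, so a collision hands one service's bucket to another without any plan error. Grouping the owners per bucket and collapsing them with `one()` makes a duplicate claim fail at plan time instead.

```hcl
locals {
  # … unchanged: services_auth, services_database, services_s3 …
  # Collect every service that claims a bucket name; merge() would keep only the last one.
  bucket_owners_s3 = {
    for claim in flatten([
      for service, buckets in local.services_s3 : [
        for bucket in buckets : { bucket = bucket, service = service }
      ]
    ]) : claim.bucket => claim.service...
  }
  # one() raises an error when a bucket has more than one claimed owner.
  buckets_s3 = { for bucket, owners in local.bucket_owners_s3 : bucket => one(owners) }
  # … unchanged: hetzner_hosts …
}
```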
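Review bot: In `modules/infrastructure/output.tf`, `scaleway_data` is now keyed by bucket name instead of service name, and a service with several buckets has its `secret_key` repeated under every one of its bucket entries; nothing in the hunk tells consumers about either change. A line such as `description = "Per-bucket S3 connection data, keyed by bucket name; credentials belong to the owning service"` on the output would document the new contract. The output block continues past the end of the hunk, so confirm there that it is marked `sensitive = true`, since every entry embeds an API secret.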
@@ -27,7 +27,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
 }
 resource "scaleway_object_bucket" "service_buckets" {
- for_each = local.services_s3
+ for_each = local.buckets_s3
 name = "${each.key}.serguzim.me"
 lifecycle {
 prevent_destroy = true
@@ -35,7 +35,7 @@ resource "scaleway_object_bucket" "service_buckets" {
 }
 resource "scaleway_object_bucket_policy" "service_bucket_policies" {
- for_each = local.services_s3
+ for_each = local.buckets_s3
 bucket = scaleway_object_bucket.service_buckets[each.key].id
 policy = jsonencode({
 Version = "2023-04-17",
@@ -58,7 +58,7 @@ resource "scaleway_object_bucket_policy" "service_bucket_policies" {
 Effect = "Allow"
 Action = "*"
 Principal = {
- SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
+ SCW = "application_id:${scaleway_iam_application.service_applications[each.value].id}"
 }
 Resource = [
 "${scaleway_object_bucket.service_buckets[each.key].name}",
diff --git a/modules/infrastructure/variables.tf b/modules/infrastructure/variables.tf
index 4f5918d..f5339ee 100644
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@@ -32,6 +32,7 @@ variable "services" {
 auth_cert = optional(string)
 auth_redirects = optional(list(string))
 s3 = bool
+ s3_buckets = optional(list(string))
 database = bool
 }))
 }
diff --git a/variables.tf b/variables.tf
index e25622f..a28d5af 100644
--- a/variables.tf
+++ b/variables.tf
@@ -162,6 +162,7 @@ variable "services" {
 auth_cert = optional(string)
 auth_redirects = optional(list(string))
 s3 = bool
+ s3_buckets = optional(list(string))
 database = bool
 mail = optional(string)
 }))
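Review bot: `s3_buckets` in `modules/infrastructure/variables.tf` (and the identical addition in the root `variables.tf`) is accepted without validation, although its strings become bucket names through `"${each.key}.serguzim.me"` in `scaleway.tf`. An empty list with `s3 = true` silently yields no bucket, and a list given with `s3 = false` is silently dropped by the `if val.s3` filter in `main.tf`. A `validation` block on `variable "services"` would reject both cases up front. The variable block starts outside the hunk, so whether it already has one is not visible here.

```hcl
    database = bool
  }))
  # Reject bucket lists that would be ignored (s3 = false) or create nothing (empty list).
  validation {
    condition = alltrue([
      for service in values(var.services) :
      service.s3_buckets == null ? true : (service.s3 && length(service.s3_buckets) > 0)
    ])
    error_message = "s3_buckets requires s3 = true and at least one bucket name."
  }
}
```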