diff --git a/main.tf b/main.tf
index 3d72b60..f6491b6 100644
--- a/main.tf
+++ b/main.tf
@@ -256,6 +256,34 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
 }
 }
 }
+
+resource "aws_s3_bucket_policy" "block-http" {
+ count = var.block_http_traffic ? 1 : 0
+ bucket = aws_s3_bucket.mybucket[0].id
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Id = "Blockhttp"
+ Statement = [
+ {
+ "Sid" : "AllowSSLRequestsOnly",
+ "Effect" : "Deny",
+ "Principal" : "*",
+ "Action" : "s3:*",
+ "Resource" : [
+ "${aws_s3_bucket.mybucket[0].arn}",
+ "${aws_s3_bucket.mybucket[0].arn}/*",
+ ],
+ "Condition" : {
+ "Bool" : {
+ "aws:SecureTransport" : "false"
+ }
+ }
+ },
+ ]
+ })
+}
+
 ##-----------------------------------------------------------------------------
 ## Below resources will create cloudwatch log group and its components. This cloudwatch log group will be used to store vpc flow logs if "flow_log_destination_type" variable is set to "cloud-watch-logs".
 ##-----------------------------------------------------------------------------
diff --git a/variables.tf b/variables.tf
index b43c8b4..2b22d2a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -348,4 +348,10 @@ variable "enable_key_rotation" {
 type = bool
 default = true
 description = "Specifies whether key rotation is enabled. Defaults to true(security best practice)"
+}
+
+variable "block_http_traffic" {
+ type = bool
+ default = true
+ description = "True when http traffic has to be blocked for S3."
 }
\ No newline at end of file
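Review bot: `aws_s3_bucket_policy` is a one-per-bucket resource, so the new `block-http` policy will overwrite — and be overwritten by — any other `aws_s3_bucket_policy` attached to `aws_s3_bucket.mybucket[0]` elsewhere in the module, producing a perpetual diff rather than a merged policy; if such a policy exists (not visible in this hunk), fold this Deny statement into it via a `data "aws_iam_policy_document"` with `source_policy_documents` instead of adding a second resource. The `count` also dereferences `aws_s3_bucket.mybucket[0]` whenever `var.block_http_traffic` is true (the default), so a configuration where the bucket's own count evaluates to 0 would fail at plan time; tying the guard to the bucket's enable condition (`count = var.block_http_traffic && <bucket condition> ? 1 : 0`) would avoid that. Inside `jsonencode` the document mixes HCL attribute syntax (`Version = "2012-10-17"`) with quoted JSON-style keys (`"Sid" : ...`); one form throughout would read more consistently. A header in the file's existing `##---` banner style, e.g. `## Bucket policy that denies every S3 action made over plain HTTP (aws:SecureTransport = false).`, would document why the resource exists.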
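Review bot: The description of `block_http_traffic` does not say what "blocked" means in practice, which matters because the variable defaults to true and silently attaches a bucket policy; something like `description = "Attach a bucket policy that denies all S3 requests made over plain HTTP (aws:SecureTransport = false). Defaults to true."` tells a caller exactly what they are opting into. The hunk's trailing `\ No newline at end of file` marker shows the file is still saved without a final newline; `terraform fmt` would add one and keep future diffs clean.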