diff --git a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/query.rego b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/query.rego
index fd6c8abbbba..487c556a2a2 100644
--- a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/query.rego
+++ b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/query.rego
@@ -43,6 +43,7 @@ CxPolicy[result] {
 # version after TF AWS 4.0
 CxPolicy[result] {
+ input.document[_].resource.aws_s3_bucket[bucketName]
 some document in input.document
 acl := document.resource.aws_s3_bucket_acl[name]
 split(acl.bucket, ".")[1] == bucketName
diff --git a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/query.rego b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/query.rego
index e4edf4eccfa..cc39d00572f 100644
--- a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/query.rego
+++ b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/query.rego
@@ -43,6 +43,7 @@ CxPolicy[result] {
 # version after TF AWS 4.0
 CxPolicy[result] {
+ input.document[_].resource.aws_s3_bucket[bucketName]
 some document in input.document
 acl := document.resource.aws_s3_bucket_acl[name]
 split(acl.bucket, ".")[1] == bucketName
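Review bot: The added `input.document[_].resource.aws_s3_bucket[bucketName]` line makes this rule fire only when the ACL's `bucket` resolves, via `split(acl.bucket, ".")[1]`, to an `aws_s3_bucket` declared somewhere in the scanned documents, so an `aws_s3_bucket_acl` whose `bucket` is a literal name, a variable or a module output appears to go unreported. That is a quiet false negative for a public-exposure check; if it is intended, say so above the join, e.g. `# bucketName: any aws_s3_bucket declared in the scanned input; ACLs on buckets defined elsewhere are not matched here`, and consider a test sample with a literal `bucket` value so the gap is visible. The same line is added in s3_bucket_acl_allows_read_to_any_authenticated_user/query.rego and the comment applies there too. The rest of the rule body lies outside both hunks, so whether a later line handles that case cannot be seen here.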