diff --git a/apigw-lambda-dynamodb-terraform/.gitignore b/apigw-lambda-dynamodb-terraform/.gitignore
new file mode 100644
index 000000000..e1c9d6254
--- /dev/null
+++ b/apigw-lambda-dynamodb-terraform/.gitignore
@@ -0,0 +1 @@
+src.zip
diff --git a/apigw-lambda-dynamodb-terraform/main.tf b/apigw-lambda-dynamodb-terraform/main.tf
index 00c777023..78df88551 100644
--- a/apigw-lambda-dynamodb-terraform/main.tf
+++ b/apigw-lambda-dynamodb-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 4.0.0"
+ version = "~> 5.0"
 }
 random = {
 source = "hashicorp/random"
@@ -56,9 +56,13 @@ resource "aws_s3_bucket" "lambda_bucket" {
 force_destroy = true
 }
-resource "aws_s3_bucket_acl" "private_bucket" {
+resource "aws_s3_bucket_public_access_block" "private_bucket" {
 bucket = aws_s3_bucket.lambda_bucket.id
- acl = "private"
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
 }
 data "archive_file" "lambda_zip" {
@@ -85,7 +89,7 @@ resource "aws_lambda_function" "apigw_lambda_ddb" {
 s3_bucket = aws_s3_bucket.lambda_bucket.id
 s3_key = aws_s3_object.this.key
- runtime = "python3.8"
+ runtime = "python3.13"
 handler = "app.lambda_handler"
 source_code_hash = data.archive_file.lambda_zip.output_base64sha256
@@ -222,4 +226,4 @@ resource "aws_lambda_permission" "api_gw" {
 principal = "apigateway.amazonaws.com"
 source_arn = "${aws_apigatewayv2_api.http_lambda.execution_arn}/*/*"
-}
\ No newline at end of file
+}
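Review bot: With `aws_s3_bucket_acl` removed, nothing in this hunk disables ACLs on `lambda_bucket`; the new `aws_s3_bucket_public_access_block` only blocks public grants and policies. Whether object ACLs can still be set then depends on the bucket's object-ownership setting, which this configuration does not state. Because the bucket holds the Lambda deployment package, I would pin ownership explicitly with an `aws_s3_bucket_ownership_controls` resource set to `BucketOwnerEnforced`, placed next to the public access block as sketched below. A short comment above the resource saying that the bucket is private via the access block plus enforced ownership would also help the next reader.

```hcl
# ... unchanged: aws_s3_bucket_public_access_block "private_bucket" ...

resource "aws_s3_bucket_ownership_controls" "lambda_bucket" {
  bucket = aws_s3_bucket.lambda_bucket.id

  rule {
    # Disables ACLs entirely; access is governed by IAM and bucket policy only.
    object_ownership = "BucketOwnerEnforced"
  }
}
```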
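Review bot: `runtime = "python3.13"` needs a provider release that recognises that runtime, but the constraint set in the first hunk of this file is only `~> 5.0`, and no lock file is part of this commit. An early 5.x provider would likely reject the value at plan time, so the lower bound should be raised to the first release that accepts it, e.g. `version = ">= <FIRST_5.x_WITH_PYTHON3.13>, < 6.0"` (placeholder, to be filled in from the provider changelog). The handler source and any bundled dependencies are not in this diff, so their compatibility with 3.13 cannot be confirmed from here. The `aws_lambda_function` block starts and ends outside the hunk.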