diff --git a/aws-s3-terraform/.gitignore b/aws-s3-terraform/.gitignore
new file mode 100644
index 0000000..5b5fa30
--- /dev/null
+++ b/aws-s3-terraform/.gitignore
@@ -0,0 +1,2 @@
+.terraform/
+.terraform.lock.hcl
\ No newline at end of file
diff --git a/aws-s3-terraform/main.tf b/aws-s3-terraform/main.tf
new file mode 100644
index 0000000..1fb5bac
--- /dev/null
+++ b/aws-s3-terraform/main.tf
@@ -0,0 +1,41 @@
+terraform {
+ backend "s3" {
+ bucket = "jumiker-terraform"
+ key = "lwihkiak"
+ region = "ap-southeast-2"
+ }
+}
+
+provider "aws" {
+ region = "ap-southeast-2"
+}
+
+resource "aws_s3_bucket" "lwihkiak" {
+ bucket = "lwihkiak"
+}
+
+resource "aws_s3_bucket_ownership_controls" "lwihkiak" {
+ bucket = aws_s3_bucket.lwihkiak.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_public_access_block" "lwihkiak" {
+ bucket = aws_s3_bucket.lwihkiak.id
+
+ block_public_acls = false
+ block_public_policy = false
+ ignore_public_acls = false
+ restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "lwihkiak" {
+ depends_on = [
+ aws_s3_bucket_ownership_controls.lwihkiak,
+ aws_s3_bucket_public_access_block.lwihkiak,
+ ]
+
+ bucket = aws_s3_bucket.lwihkiak.id
+ acl = "public-read"
+}
\ No newline at end of file
diff --git a/scripts/refresh-security-playgrounds.sh b/scripts/refresh-security-playgrounds.sh
index 3f974cf..422caf5 100755
--- a/scripts/refresh-security-playgrounds.sh
+++ b/scripts/refresh-security-playgrounds.sh
@@ -6,4 +6,4 @@ kubectl delete --all pods --namespace=security-playground-restricted-nodrift
 kubectl delete --all pods --namespace=security-playground-restricted-nomalware
 kubectl delete -f ./generated-network-policy.yml
 kubectl delete -f ./generated-network-policy2.yml
-kubectl apply -f ../k8s-manifests/04-security-playground-deployment.yaml
\ No newline at end of file
+kubectl apply -f example-scenarios/k8s-manifests/04-security-playground-deployment.yaml
\ No newline at end of file
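Review bot: main.tf creates a bucket that is world-readable — all four `aws_s3_bucket_public_access_block` settings are `false` and `aws_s3_bucket_acl` sets `acl = "public-read"` — yet nothing in the file records that this exposure is intentional, so a later maintainer or a policy scanner will read it as an accident rather than a fixture. Judging from the repository's other playground scripts this looks like a purposely vulnerable example scenario, which makes that intent worth stating; add a header comment above the `aws_s3_bucket` resource such as `# INTENTIONALLY PUBLIC: workshop example scenario only. Never store real data in this bucket.` and a shorter one on the `acl` line. Separately, the `backend "s3"` block does not set `encrypt = true`, so Terraform does not request server-side encryption when it writes the state object to `jumiker-terraform`; adding that argument costs nothing and keeps the state (which records the account and bucket configuration) from depending on the backend bucket's own defaults.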
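Review bot: The new `kubectl apply` path `example-scenarios/k8s-manifests/...` is resolved against the working directory, whereas the replaced `../k8s-manifests/...` only made sense when the script was run from inside `scripts/`; if it is still run from there, the manifest now resolves to `scripts/example-scenarios/...` and the apply fails. The surrounding `./generated-network-policy.yml` lines are also CWD-relative, so the hunk does not make clear which working directory the script now assumes. Anchoring the path to the script's own location removes the ambiguity regardless of caller: `kubectl apply -f "$(dirname "$0")/../example-scenarios/k8s-manifests/04-security-playground-deployment.yaml"`. The script's earlier lines are outside the hunk, so whether it already does a `cd` cannot be confirmed from here.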
diff --git a/scripts/test-all-workshop-commands.sh b/scripts/test-all-workshop-commands.sh
index 4c8eb75..0cd512e 100755
--- a/scripts/test-all-workshop-commands.sh
+++ b/scripts/test-all-workshop-commands.sh
@@ -10,6 +10,7 @@
 #./example-curls-bucket-public.sh
 #export SECURE_API_TOKEN=token
 #./sysdig-cli-scanner -a app.au1.sysdig.com logstash:7.16.1
+#./sysdig-cli-scanner -a app.au1.sysdig.com --iac example-scenarios/k8s-manifests/04-security-playground-deployment.yaml
 ./example-curls-networkpolicy.sh
 kubectl apply -f ./generated-network-policy.yml
 sleep 10