diff --git a/.cfnlintrc.yaml b/.cfnlintrc.yaml
index 1cfa527..a7bfbe6 100644
--- a/.cfnlintrc.yaml
+++ b/.cfnlintrc.yaml
@@ -2,5 +2,7 @@ ignore_checks:
 - E1001
 - E2531
 - E3001
+ - W2001
+ - W3045
 ignore_templates:
 - templates/tags/*.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7f077cf..99e61c8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,20 +1,20 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.3.0
+ rev: v4.5.0
 hooks:
 - id: end-of-file-fixer
 - id: trailing-whitespace
 - id: check-ast
 - repo: https://github.com/adrienverge/yamllint
- rev: v1.28.0
+ rev: v1.34.0
 hooks:
 - id: yamllint
 - repo: https://github.com/awslabs/cfn-python-lint
- rev: v0.68.0
+ rev: v0.85.1
 hooks:
 - id: cfn-python-lint
 files: templates/.*\.(json|yml|yaml)$
 - repo: https://github.com/Lucas-C/pre-commit-hooks
- rev: v1.3.1
+ rev: v1.5.4
 hooks:
 - id: remove-tabs
diff --git a/templates/Config/config.yaml b/templates/Config/config.yaml
index 7d7819e..3c7c44d 100644
--- a/templates/Config/config.yaml
+++ b/templates/Config/config.yaml
@@ -1,13 +1,6 @@
 # From https://github.com/org-formation/org-formation-reference/blob/master/src/templates/080-aws-config-inventory/config.yml
 AWSTemplateFormatVersion: '2010-09-09'
-# This is an org-formation file, not a cloudformation file therefore some cfn-lint rules do not apply
-# rules reference: https://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/rules.md#rules-1
-Metadata:
- cfn-lint:
- config:
- ignore_checks: [W2001]
-
 Parameters:
 resourcePrefix:
 Type: String
@@ -34,6 +27,9 @@ Resources:
 BlockPublicPolicy: true
 IgnorePublicAcls: true
 RestrictPublicBuckets: true
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketEncryption:
 ServerSideEncryptionConfiguration:
 - ServerSideEncryptionByDefault:
diff --git a/templates/GuardDuty/guard-duty.yaml b/templates/GuardDuty/guard-duty.yaml
index a967e73..6322985 100644
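Review bot: Adding W2001 and W3045 to the repository-wide ignore_checks list in .cfnlintrc.yaml widens two suppressions that were previously scoped: W2001 was ignored only inside the two org-formation templates (templates/Config/config.yaml and templates/GuardDuty/trusted-ips-bucket.yaml) whose Metadata blocks and explanatory comment this commit removes, and, if I recall the rule correctly, W3045 is the warning about the legacy AccessControl property — exactly the property kept next to the new OwnershipControls in the S3 templates further down. Ignoring W3045 globally hides the ACL/ownership conflict rather than resolving it, and ignoring W2001 globally means unused parameters in ordinary CloudFormation templates will no longer be reported. Consider keeping W2001 in the per-template Metadata with its justification, and recording the reason for W3045 inline until the ACLs are replaced by bucket policies, e.g. `- W3045  # legacy AccessControl still used by website/log buckets; TODO replace with bucket policies`.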
--- a/templates/GuardDuty/guard-duty.yaml
+++ b/templates/GuardDuty/guard-duty.yaml
@@ -24,6 +24,9 @@ Resources:
 Properties:
 BucketName: !Sub '${resourcePrefix}-guardduty-finding'
 AccessControl: Private
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
diff --git a/templates/GuardDuty/trusted-ips-bucket.yaml b/templates/GuardDuty/trusted-ips-bucket.yaml
index cee0b88..8b3b08e 100644
--- a/templates/GuardDuty/trusted-ips-bucket.yaml
+++ b/templates/GuardDuty/trusted-ips-bucket.yaml
@@ -1,11 +1,6 @@
 # From https://github.com/org-formation/org-formation-reference/tree/master/src/templates/070-guard-duty
 AWSTemplateFormatVersion: '2010-09-09'
-Metadata:
- cfn-lint:
- config:
- ignore_checks: [W2001]
-
 Parameters:
 resourcePrefix:
 Type: String
diff --git a/templates/PyPlate/python.yaml b/templates/PyPlate/python.yaml
index 60976c7..f5bc01b 100644
--- a/templates/PyPlate/python.yaml
+++ b/templates/PyPlate/python.yaml
@@ -69,7 +69,7 @@ Resources:
 return macro_response
 Handler: index.handler
- Runtime: python3.6
+ Runtime: python3.9
 Role: !GetAtt TransformExecutionRole.Arn
 TransformFunctionPermissions:
 Type: AWS::Lambda::Permission
diff --git a/templates/S3/public-bucket.yaml b/templates/S3/public-bucket.yaml
index f8cbe71..79ce353 100644
--- a/templates/S3/public-bucket.yaml
+++ b/templates/S3/public-bucket.yaml
@@ -5,6 +5,9 @@ Resources:
 DeletionPolicy: Delete
 Properties:
 AccessControl: PublicRead
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketPolicy:
 Type: "AWS::S3::BucketPolicy"
 Properties:
diff --git a/templates/managed-s3Web.yaml b/templates/managed-s3Web.yaml
index aa0dcf3..a34bcad 100644
--- a/templates/managed-s3Web.yaml
+++ b/templates/managed-s3Web.yaml
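Review bot: `AccessControl: Private` directly above the added OwnershipControls becomes a no-op once ObjectOwnership is BucketOwnerEnforced, because that setting disables bucket and object ACLs entirely (private is the one canned ACL S3 still accepts, so creation should still succeed). Access to the findings bucket is then governed solely by its bucket policy and the PublicAccessBlockConfiguration that follows, so dropping the `AccessControl: Private` line removes the legacy property and the W3045 warning this commit otherwise silences in .cfnlintrc.yaml. The bucket's Properties block continues outside the hunk, so I cannot see whether a bucket policy granting the GuardDuty service principal write access exists; with ACLs disabled that policy is the only path by which findings export keeps working.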
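Review bot: `Runtime: python3.9` is already on Lambda's announced deprecation schedule, so this bump buys limited time; since the file is being touched anyway, a newer supported runtime (python3.12 was available at the time of the tool versions pinned in this commit) is worth considering unless the inline handler, whose body starts outside the hunk, depends on 3.9-specific behaviour. Note also that .cfnlintrc.yaml keeps E2531 — which, if I recall the id correctly, is cfn-lint's check for end-of-life Lambda runtimes — under ignore_checks, which is probably why python3.6 went unreported until now; re-enabling that rule would flag the next expiry automatically.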
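Review bot: `AccessControl: PublicRead` and the added `ObjectOwnership: BucketOwnerEnforced` contradict each other: BucketOwnerEnforced disables ACLs, and S3 rejects any canned ACL other than private/bucket-owner-full-control with AccessControlListNotSupported, so I would expect CloudFormation's attempt to apply the public-read ACL to fail the bucket create or update. The same pairing appears in templates/managed-s3Web.yaml (second hunk), templates/managed-s3WebCloudfront.yaml (second hunk) and templates/s3-redirector.yaml. With ACLs disabled, public read access has to be granted explicitly by the BucketPolicy resource that follows (an s3:GetObject allow on the bucket's objects), and any PublicAccessBlockConfiguration must not block public policies; removing the `AccessControl: PublicRead` line and relying on the policy is the intended BucketOwnerEnforced pattern and also resolves the W3045 warning instead of ignoring it.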
@@ -18,6 +18,9 @@ Resources:
 Type: 'AWS::S3::Bucket'
 Properties:
 AccessControl: LogDeliveryWrite
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketName: !Join
 - '.'
 - [!Ref SubDomainName, !Ref DomainName, 'logs']
@@ -25,6 +28,9 @@ Resources:
 Type: AWS::S3::Bucket
 Properties:
 AccessControl: PublicRead
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketName: !Join
 - '.'
 - [!Ref SubDomainName, !Ref DomainName]
diff --git a/templates/managed-s3WebCloudfront.yaml b/templates/managed-s3WebCloudfront.yaml
index 8040f7b..98219f7 100644
--- a/templates/managed-s3WebCloudfront.yaml
+++ b/templates/managed-s3WebCloudfront.yaml
@@ -23,6 +23,9 @@ Resources:
 Type: 'AWS::S3::Bucket'
 Properties:
 AccessControl: LogDeliveryWrite
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketName: !Join
 - '.'
 - [!Ref SubDomainName, !Ref DomainName, 'logs']
@@ -30,6 +33,9 @@ Resources:
 Type: AWS::S3::Bucket
 Properties:
 AccessControl: PublicRead
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketName: !Join
 - '.'
 - [!Ref SubDomainName, !Ref DomainName]
diff --git a/templates/s3-redirector.yaml b/templates/s3-redirector.yaml
index 4445678..ca5741d 100644
--- a/templates/s3-redirector.yaml
+++ b/templates/s3-redirector.yaml
@@ -38,6 +38,9 @@ Resources:
 Type: AWS::S3::Bucket
 Properties:
 AccessControl: PublicRead
+ OwnershipControls:
+ Rules:
+ - ObjectOwnership: BucketOwnerEnforced
 BucketName: !Ref SourceHostName
 WebsiteConfiguration:
 IndexDocument: index.html
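Review bot: `AccessControl: LogDeliveryWrite` on this log bucket stops being effective once `ObjectOwnership: BucketOwnerEnforced` is set, because the log-delivery grant is an ACL and BucketOwnerEnforced disables ACLs (the canned ACL itself is likely to be rejected at create time). Server access logging into a bucket with ACLs disabled requires a bucket policy granting `s3:PutObject` to the `logging.s3.amazonaws.com` service principal, normally restricted with aws:SourceAccount / aws:SourceArn conditions; without it S3 quietly stops delivering logs rather than raising an error, which is easy to miss. The same change is made to the log bucket in templates/managed-s3WebCloudfront.yaml (first hunk). Whether such a policy already exists is not visible from the hunk, since the bucket's Properties block continues outside it.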