diff --git a/infrastructure/terragrunt/aws/load-balancer/load-balancer.tf b/infrastructure/terragrunt/aws/load-balancer/load-balancer.tf
index 468886b19..710ac02fd 100644
--- a/infrastructure/terragrunt/aws/load-balancer/load-balancer.tf
+++ b/infrastructure/terragrunt/aws/load-balancer/load-balancer.tf
@@ -61,10 +61,11 @@ resource "aws_lb_target_group" "wordpress" {
 }
 resource "aws_lb_listener" "wordpress" {
+ # checkov:skip=CKV_AWS_103: false-positive, SSL policy is TLS1.2+
 load_balancer_arn = aws_lb.wordpress.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-FS-1-2-Res-2019-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
 certificate_arn = aws_acm_certificate.wordpress.arn
 default_action {
diff --git a/infrastructure/terragrunt/aws/load-balancer/s3.tf b/infrastructure/terragrunt/aws/load-balancer/s3.tf
index d94b830af..8f2b445cc 100644
--- a/infrastructure/terragrunt/aws/load-balancer/s3.tf
+++ b/infrastructure/terragrunt/aws/load-balancer/s3.tf
@@ -20,7 +20,7 @@ resource "aws_s3_bucket" "cloudfront_logs" {
 expiration {
 days = 30
- expired_object_delete_marker = true
+ expired_object_delete_marker = false
 }
 noncurrent_version_expiration {
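Review bot: The `checkov:skip=CKV_AWS_103` added at the top of `aws_lb_listener.wordpress` in load-balancer.tf turns the minimum-TLS check off for this listener regardless of what `ssl_policy` is set to later, so a future downgrade of the policy would pass the scan unnoticed. The justification should name the policy it was written for and say when the skip can go, for example `# checkov:skip=CKV_AWS_103: ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04 is TLS 1.2+; remove this skip once the pinned checkov version accepts the policy`. The finding is presumably raised because the scanner's list of accepted policies predates this one, so upgrading checkov may remove the need for the skip; that is worth checking first. The listener block continues past the end of the hunk, so only the visible attributes were reviewed.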
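Review bot: In s3.tf the `expiration` block of `aws_s3_bucket.cloudfront_logs` now sets `expired_object_delete_marker = false` next to `days = 30` with nothing explaining why the flag is kept at all. The AWS provider documentation says this argument cannot be combined with `days` or `date` in the same expiration, so deleting the line would state the intent more clearly than an explicit `false`. If it has to stay, add a comment such as `# cannot be combined with days; delete markers are left to the noncurrent-version rule below`. The enclosing lifecycle rule starts and ends outside the hunk, so it is worth confirming there that delete markers in this log bucket are still cleaned up.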