diff --git a/README.md b/README.md
index 16afa1a..5697c5d 100644
--- a/README.md
+++ b/README.md
@@ -1312,6 +1312,32 @@ Type: `string`
Default: `""`
+### [rds\_s3\_dump\_block\_public\_access](#input\_rds\_s3\_dump\_block\_public\_access)
+
+Description: Object that defines which public access should be blocked
+
+Type:
+
+```hcl
+object({
+ block_public_acls = bool
+ block_public_policy = bool
+ ignore_public_acls = bool
+ restrict_public_buckets = bool
+ })
+```
+
+Default:
+
+```json
+{
+ "block_public_acls": true,
+ "block_public_policy": true,
+ "ignore_public_acls": true,
+ "restrict_public_buckets": true
+}
+```
+
### [rds\_s3\_dump\_lifecycle\_rules](#input\_rds\_s3\_dump\_lifecycle\_rules)
Description: RDS S3 Dump Lifecycle rules
diff --git a/rds-s3-dumps.tf b/rds-s3-dumps.tf
index c1377fe..527ae3f 100644
--- a/rds-s3-dumps.tf
+++ b/rds-s3-dumps.tf
@@ -158,6 +158,17 @@ resource "aws_s3_bucket_acl" "rds_dumps" {
acl = "private"
}
+resource "aws_s3_bucket_public_access_block" "archive" {
+ count = local.rds_dumps_enabled ? 1 : 0
+
+ bucket = aws_s3_bucket.rds_dumps[count.index].id
+
+ block_public_acls = var.rds_s3_dump_block_public_access.block_public_acls
+ block_public_policy = var.rds_s3_dump_block_public_access.block_public_policy
+ ignore_public_acls = var.rds_s3_dump_block_public_access.ignore_public_acls
+ restrict_public_buckets = var.rds_s3_dump_block_public_access.restrict_public_buckets
+}
+
resource "aws_iam_role_policy" "rds_dumps_role" {
count = local.rds_dumps_enabled && var.rds_s3_dump_role_arn == "" ? 1 : 0
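Review bot: The new resource is keyed `archive` while every sibling resource visible for this bucket is keyed `rds_dumps` (`aws_s3_bucket.rds_dumps`, `aws_s3_bucket_acl.rds_dumps`, `aws_iam_role_policy.rds_dumps_role`), so `aws_s3_bucket_public_access_block.archive` reads like a copy-paste from another module and will not turn up when someone searches this file for the dump bucket's controls; rename it to `resource "aws_s3_bucket_public_access_block" "rds_dumps" {`. Because this bucket stores database dumps, a short why-comment above the resource would help the next maintainer: `# Block all public access to the RDS dump bucket; the defaults in var.rds_s3_dump_block_public_access are all true and should only be relaxed deliberately.` If another part of the module attaches a bucket policy to this bucket, a `depends_on` from that policy to this resource would ensure the public-access block is in place before the policy is evaluated, but no such policy is visible in this hunk so that is only a suggestion to check.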
diff --git a/route53.tf b/route53.tf
index 338175a..b170c29 100644
--- a/route53.tf
+++ b/route53.tf
@@ -4,7 +4,7 @@
locals {
public_endpoint_enabled = var.aws_route53_zone_endpoints_enabled && var.aws_route53_zone_public_endpoint_enabled
private_endpoint_enabled = var.aws_route53_zone_endpoints_enabled && var.aws_route53_zone_private_endpoint_enabled
- subdomain_name = length(var.aws_route53_rds_subdomain_override) > 0 ? var.aws_route53_rds_subdomain_override : join(".", [module.rds.db_instance_id, local.rds_dns_subdomains[var.rds_engine]])
+ subdomain_name = length(var.aws_route53_rds_subdomain_override) > 0 ? var.aws_route53_rds_subdomain_override : join(".", [module.rds.db_instance_identifier, local.rds_dns_subdomains[var.rds_engine]])
}
data "aws_route53_zone" "public_endpoint" {
diff --git a/variables.tf b/variables.tf
index 167ab98..7ad8fcd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -787,6 +787,22 @@ variable "rds_s3_dump_role_arn" {
default = ""
}
+variable "rds_s3_dump_block_public_access" {
+ description = "Object that defines which public access should be blocked"
+ type = object({
+ block_public_acls = bool
+ block_public_policy = bool
+ ignore_public_acls = bool
+ restrict_public_buckets = bool
+ })
+ default = {
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+ }
+}
+
variable "rds_s3_dump_lifecycle_rules" {
description = "RDS S3 Dump Lifecycle rules"
default = []
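Review bot: The description of the new `rds_s3_dump_block_public_access` variable says only "which public access should be blocked" and gives a caller who overrides it no indication that setting any of the four flags to false can expose a bucket holding RDS database dumps. Suggest `description = "Settings for aws_s3_bucket_public_access_block on the RDS dump bucket. All four default to true; relaxing any flag can make database dumps publicly reachable and should only be done deliberately."` so the security consequence is visible in the README that is generated from this text. The type is a plain object with four required bool attributes, so a caller who wants to change a single flag has to restate all four; if the module already requires Terraform >= 1.3, declaring each attribute as `optional(bool, true)` would preserve the secure default per field, but the `required_version` constraint is not visible in this hunk so that needs confirming first.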