diff --git a/infrastructure/modules/aws-backup-source/README.md b/infrastructure/modules/aws-backup-source/README.md
index 1b30063..419aa6c 100644
--- a/infrastructure/modules/aws-backup-source/README.md
+++ b/infrastructure/modules/aws-backup-source/README.md
@@ -73,6 +73,8 @@ No requirements.
| [restore\_testing\_plan\_scheduled\_expression](#input\_restore\_testing\_plan\_scheduled\_expression) | Scheduled Expression of Recovery Selection Point | `string` | `"cron(0 1 ? * SUN *)"` | no |
| [restore\_testing\_plan\_selection\_window\_days](#input\_restore\_testing\_plan\_selection\_window\_days) | Selection window days | `number` | `7` | no |
| [restore\_testing\_plan\_start\_window](#input\_restore\_testing\_plan\_start\_window) | Start window from the scheduled time during which the test should start | `number` | `1` | no |
+| [vault\_max\_retention\_days](#input\_vault\_max\_retention\_days) | Maximum retention days for the vault lock | `number` | `35` | no |
+| [vault\_min\_retention\_days](#input\_vault\_min\_retention\_days) | Minimum retention days for the vault lock | `number` | `7` | no |
## Modules
No modules.
diff --git a/infrastructure/modules/aws-backup-source/backup_framework_dynamodb.tf b/infrastructure/modules/aws-backup-source/backup_framework_dynamodb.tf
index 34a6826..8d1ecb8 100644
--- a/infrastructure/modules/aws-backup-source/backup_framework_dynamodb.tf
+++ b/infrastructure/modules/aws-backup-source/backup_framework_dynamodb.tf
@@ -44,7 +44,7 @@ resource "aws_backup_framework" "dynamodb" {
input_parameter {
name = "requiredRetentionDays"
- value = "35"
+ value = "31"
}
}
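Review bot: `requiredRetentionDays` is a bare string literal, repeated in both hunks of this file and in both hunks of backup_framework_s3.tf, and nothing ties it to the `vault_min_retention_days` / `vault_max_retention_days` bounds this commit introduces. If a caller sets the vault lock maximum below 31, no backup plan could satisfy both the framework control and the lock, and nothing would flag that at plan time. If the control treats this value as a minimum, dropping it from 35 to 31 also relaxes the audit threshold, which deserves a stated reason. I would define the value once and reference it in all four places, e.g. `value = tostring(local.required_retention_days)`, with a comment such as `# Must stay <= var.vault_max_retention_days or compliant plans are rejected by the vault lock`. The enclosing `aws_backup_framework` resource starts and ends outside the hunk.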
@@ -65,7 +65,7 @@ resource "aws_backup_framework" "dynamodb" {
input_parameter {
name = "requiredRetentionDays"
- value = "35"
+ value = "31"
}
input_parameter {
diff --git a/infrastructure/modules/aws-backup-source/backup_framework_s3.tf b/infrastructure/modules/aws-backup-source/backup_framework_s3.tf
index bd49928..5ca017f 100644
--- a/infrastructure/modules/aws-backup-source/backup_framework_s3.tf
+++ b/infrastructure/modules/aws-backup-source/backup_framework_s3.tf
@@ -44,7 +44,7 @@ resource "aws_backup_framework" "s3" {
input_parameter {
name = "requiredRetentionDays"
- value = "35"
+ value = "31"
}
}
@@ -65,7 +65,7 @@ resource "aws_backup_framework" "s3" {
input_parameter {
name = "requiredRetentionDays"
- value = "35"
+ value = "31"
}
input_parameter {
diff --git a/infrastructure/modules/aws-backup-source/backup_vault_lock_configuration.tf b/infrastructure/modules/aws-backup-source/backup_vault_lock_configuration.tf
new file mode 100644
index 0000000..e67ac33
--- /dev/null
+++ b/infrastructure/modules/aws-backup-source/backup_vault_lock_configuration.tf
@@ -0,0 +1,6 @@
+resource "aws_backup_vault_lock_configuration" "main" {
+ backup_vault_name = aws_backup_vault.main.name
+ changeable_for_days = 30
+ max_retention_days = var.vault_max_retention_days
+ min_retention_days = var.vault_min_retention_days
+}
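Review bot: `changeable_for_days = 30` creates the lock in compliance mode rather than governance mode, so once the 30-day cooling-off period ends the lock configuration can no longer be changed or removed; the value is hard-coded and carries no comment. Add a comment above the argument, e.g. `# Compliance mode: lock becomes immutable 30 days after apply; omit this argument for governance mode`. Consider exposing it as a module input so non-production vaults are not locked irreversibly. During those 30 days the lock can still be removed by any principal allowed to delete the lock configuration, so that permission should be tightly scoped and its use alerted on. Backup jobs whose retention falls outside the min/max range will be rejected after this is applied, so the default plan retention values (not visible in this diff) should be checked against the 7–35 range.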
diff --git a/infrastructure/modules/aws-backup-source/variables.tf b/infrastructure/modules/aws-backup-source/variables.tf
index 9a6f8a1..49e2225 100644
--- a/infrastructure/modules/aws-backup-source/variables.tf
+++ b/infrastructure/modules/aws-backup-source/variables.tf
@@ -221,3 +221,15 @@ variable "backup_plan_config_dynamodb" {
]
}
}
+
+variable "vault_max_retention_days" {
+ type = number
+ description = "Maximum retention days for the vault lock"
+ default = 35
+}
+
+variable "vault_min_retention_days" {
+ type = number
+ description = "Minimum retention days for the vault lock"
+ default = 7
+}
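Review bot: Both new variables accept any number, so zero, a negative or a fractional value, or a maximum below the framework's `requiredRetentionDays` of 31, is only caught when the AWS API rejects it or when backup jobs start failing against the lock. Add a `validation` block to each variable, as sketched below. The 31-day floor on the maximum assumes the framework control treats `requiredRetentionDays` as a minimum. Because the lock becomes immutable after the cooling-off period, a bad value here is costly to correct later. A check that the minimum does not exceed the maximum fits best as a `lifecycle` `precondition` on `aws_backup_vault_lock_configuration.main`, since cross-variable references inside `validation` need a recent Terraform version and the module pins none.

```terraform
variable "vault_max_retention_days" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.vault_max_retention_days >= 31 && floor(var.vault_max_retention_days) == var.vault_max_retention_days
    error_message = "vault_max_retention_days must be a whole number of at least 31 so that plans meeting the backup framework's requiredRetentionDays are accepted by the vault lock."
  }
}

variable "vault_min_retention_days" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.vault_min_retention_days >= 1 && floor(var.vault_min_retention_days) == var.vault_min_retention_days
    error_message = "vault_min_retention_days must be a whole number of at least 1."
  }
}
```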