diff --git a/main.tf b/main.tf
index 9b2aaee..38316dd 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,10 @@ module "metaflow-datastore" {
   subnet1_id                         = var.subnet1_id
   subnet2_id                         = var.subnet2_id
 
+  enable_versioning       = var.enable_s3_versioning
+  backup_retention_period = var.rds_backup_retention_period
+  preferred_backup_window = var.rds_preferred_backup_window
+
   db_instance_type  = var.db_instance_type
   db_engine_version = var.db_engine_version
 
diff --git a/modules/datastore/rds.tf b/modules/datastore/rds.tf
index cddfa76..9d1c226 100644
--- a/modules/datastore/rds.tf
+++ b/modules/datastore/rds.tf
@@ -71,6 +71,9 @@ resource "aws_rds_cluster" "this" {
   engine_version    = var.db_engine_version
   storage_encrypted = true
 
+  backup_retention_period = var.backup_retention_period
+  preferred_backup_window = var.preferred_backup_window
+
   final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
   vpc_security_group_ids    = [aws_security_group.rds_security_group.id]
 
@@ -114,6 +117,7 @@ resource "aws_db_instance" "this" {
   multi_az                  = true                                                                                                           # Multiple availability zone?
   final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
   vpc_security_group_ids    = [aws_security_group.rds_security_group.id]
+  backup_retention_period   = var.backup_retention_period
 
   tags = merge(
     var.standard_tags,
diff --git a/modules/datastore/s3.tf b/modules/datastore/s3.tf
index b5ba180..19e3dcf 100644
--- a/modules/datastore/s3.tf
+++ b/modules/datastore/s3.tf
@@ -19,6 +19,14 @@ resource "aws_s3_bucket" "this" {
   )
 }
 
+resource "aws_s3_bucket_versioning" "this" {
+  count  = var.enable_versioning ? 1 : 0
+  bucket = aws_s3_bucket.this.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "this" {
   bucket = aws_s3_bucket.this.id
 
diff --git a/modules/datastore/variables.tf b/modules/datastore/variables.tf
index e294391..a238d9f 100644
--- a/modules/datastore/variables.tf
+++ b/modules/datastore/variables.tf
@@ -71,3 +71,21 @@ variable "enable_key_rotation" {
   description = "Enable key rotation for KMS keys"
   default     = false
 }
+
+variable "enable_versioning" {
+  type        = bool
+  description = "Enable versioning for S3 bucket"
+  default     = false
+}
+
+variable "backup_retention_period" {
+  description = "The days to retain backups for"
+  type        = number
+  default     = null
+}
+
+variable "preferred_backup_window" {
+  description = "The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC"
+  type        = string
+  default     = "02:00-03:00"
+}
diff --git a/variables.tf b/variables.tf
index 1738c0b..2a3d49f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -199,3 +199,21 @@ variable "enable_key_rotation" {
   description = "Enable key rotation for KMS keys"
   default     = false
 }
+
+variable "enable_s3_versioning" {
+  type        = bool
+  description = "Enable versioning for S3 bucket"
+  default     = false
+}
+
+variable "rds_backup_retention_period" {
+  description = "The days to retain backups for"
+  type        = number
+  default     = null
+}
+
+variable "rds_preferred_backup_window" {
+  description = "The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC"
+  type        = string
+  default     = "02:00-03:00"
+}