Describe the Bug
The override_origin_bucket_policy = true option should let me set a new policy, but it doesn't, and every time I do tf apply it switches between mine and origin.
tf state show 'module.cdn.aws_s3_bucket_public_access_block.origin[0]'
# module.cdn.aws_s3_bucket_public_access_block.origin[0]:
resource "aws_s3_bucket_public_access_block" "origin" {
    block_public_acls       = true
    block_public_policy     = false
    bucket                  = "bucket_name"
    id                      = "bucket_name"
    ignore_public_acls      = true
    restrict_public_buckets = false
}

tf state show aws_s3_bucket_public_access_block.assets_bucket
# aws_s3_bucket_public_access_block.assets_bucket:
resource "aws_s3_bucket_public_access_block" "assets_bucket" {
    block_public_acls       = false
    block_public_policy     = false
    bucket                  = "bucket_name"
    id                      = "bucket_name"
    ignore_public_acls      = false
    restrict_public_buckets = false
}
Expected Behavior
Should overwrite the default origin policy with mine.
Steps to Reproduce
Create resource and add your own policy
module "cdn" {
  source  = "cloudposse/cloudfront-s3-cdn/aws"
  version = "0.98.0"
  context = module.this.context

  name                              = "assets"
  aliases                           = [local.cdn_fqdn]
  dns_alias_enabled                 = true
  parent_zone_name                  = "zone"
  cloudfront_access_logging_enabled = false
  acm_certificate_arn               = aws_acm_certificate.cdn_service_cert.arn
  versioning_enabled                = true
  origin_access_type                = "origin_access_identity"
  override_origin_bucket_policy     = true

  s3_origins = [{
    domain_name              = module.assets_backup.bucket_regional_domain_name
    origin_id                = module.assets_backup.bucket_id
    origin_path              = null
    origin_access_control_id = null
    s3_origin_config = {
      origin_access_identity = null # will get translated to the origin_access_identity used by the origin created by this module.
    }
  }]

  origin_groups = [{
    primary_origin_id  = null # will get translated to the origin id of the origin created by this module.
    failover_origin_id = module.assets_backup.bucket_id
    failover_criteria = [
      403,
      404,
      500,
      502
    ]
  }]

  minimum_protocol_version = "TLSv1.2_2021"
  bucket_versioning        = "Enabled"
}

resource "aws_s3_bucket_public_access_block" "assets_bucket" {
  block_public_acls       = false
  ignore_public_acls      = false
  block_public_policy     = false
  restrict_public_buckets = false
  bucket                  = module.cdn.s3_bucket
}
Screenshots
No response
Environment
OS: OSX
TF version: 1.6.2
module version: 0.98.0
Additional Context

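The two state entries quoted in the report both manage the public access block of the same bucket, with different settings. The following is an added example, not part of the original issue or the module's code: a check over `terraform show -json` output that flags any bucket managed by more than one `aws_s3_bucket_public_access_block` resource and lists the flags they disagree on. The sample state is constructed from the values quoted above; the function names are hypothetical.

```python
import json
from collections import defaultdict

PAB_TYPE = "aws_s3_bucket_public_access_block"
FLAGS = ("block_public_acls", "block_public_policy",
         "ignore_public_acls", "restrict_public_buckets")

# Constructed sample in the shape of `terraform show -json`, using the two
# state entries quoted in the issue (bucket name is the issue's placeholder).
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket_public_access_block.assets_bucket",
     "type": "aws_s3_bucket_public_access_block",
     "values": {"bucket": "bucket_name", "block_public_acls": false,
                "block_public_policy": false, "ignore_public_acls": false,
                "restrict_public_buckets": false}}],
  "child_modules": [{"address": "module.cdn", "resources": [
    {"address": "module.cdn.aws_s3_bucket_public_access_block.origin[0]",
     "type": "aws_s3_bucket_public_access_block",
     "values": {"bucket": "bucket_name", "block_public_acls": true,
                "block_public_policy": false, "ignore_public_acls": true,
                "restrict_public_buckets": false}}]}]}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_conflicts(state):
    """Return buckets managed by more than one public access block resource."""
    by_bucket = defaultdict(list)
    for res in iter_resources(state.get("values", {}).get("root_module", {})):
        if res.get("type") == PAB_TYPE:
            by_bucket[res["values"]["bucket"]].append(res)
    conflicts = {}
    for bucket, owners in by_bucket.items():
        if len(owners) > 1:
            differing = [f for f in FLAGS
                         if len({o["values"].get(f) for o in owners}) > 1]
            conflicts[bucket] = {
                "addresses": sorted(o["address"] for o in owners),
                "differing": differing}
    return conflicts

if __name__ == "__main__":
    print(json.dumps(find_conflicts(SAMPLE_STATE), indent=2))
```

Against a real workspace, pass the parsed output of `terraform show -json` to `find_conflicts` in place of `SAMPLE_STATE`.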