Directly disabling public ACLs and bucket policies in AWS console?

On modifying the 3 top settings here for the logs and settings buckets:
(Being the settings related to Public ACLs and Public Bucket Policies.)

On deploying, I get a 403 AccessDenied error.

Why? What in Convox requires Public ACLs or Public Bucket Policies?

Just verifying that nothing is exposed via these buckets.