diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
index a4f52b2..3441f72 100644
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@@ -48,8 +48,8 @@ properties:
     type: bool
     required: false
 
-  access:
-    description: Access control settings.
+  acl:
+    description: Access control list.
     type: map
     required: false
 
diff --git a/cmd/drone-s3-sync/config.go b/cmd/drone-s3-sync/config.go
index 0ee7c11..ecdb7d5 100644
--- a/cmd/drone-s3-sync/config.go
+++ b/cmd/drone-s3-sync/config.go
@@ -78,9 +78,9 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Category:    category,
 		},
 		&cli.GenericFlag{
-			Name:     "access",
-			Usage:    "access control settings",
-			EnvVars:  []string{"PLUGIN_ACCESS", "PLUGIN_ACL"},
+			Name:     "acl",
+			Usage:    "access control list",
+			EnvVars:  []string{"PLUGIN_ACL"},
 			Value:    &StringMapFlag{},
 			Category: category,
 		},
diff --git a/cmd/drone-s3-sync/main.go b/cmd/drone-s3-sync/main.go
index 6d534de..f39ecd0 100644
--- a/cmd/drone-s3-sync/main.go
+++ b/cmd/drone-s3-sync/main.go
@@ -44,7 +44,7 @@ func run(settings *plugin.Settings) cli.ActionFunc {
 	return func(ctx *cli.Context) error {
 		urfave.LoggingFromContext(ctx)
 
-		settings.Access = ctx.Generic("access").(*StringMapFlag).Get()
+		settings.ACL = ctx.Generic("acl").(*StringMapFlag).Get()
 		settings.CacheControl = ctx.Generic("cache-control").(*StringMapFlag).Get()
 		settings.ContentType = ctx.Generic("content-type").(*StringMapFlag).Get()
 		settings.ContentEncoding = ctx.Generic("content-encoding").(*StringMapFlag).Get()
diff --git a/plugin/aws.go b/plugin/aws.go
index ea43263..27bed9c 100644
--- a/plugin/aws.go
+++ b/plugin/aws.go
@@ -67,16 +67,16 @@ func (a *AWS) Upload(local, remote string) error {
 
 	defer file.Close()
 
-	var access string
-	for pattern := range p.settings.Access {
+	var acl string
+	for pattern := range p.settings.ACL {
 		if match := glob.Glob(pattern, local); match {
-			access = p.settings.Access[pattern]
+			acl = p.settings.ACL[pattern]
 			break
 		}
 	}
 
-	if access == "" {
-		access = "private"
+	if acl == "" {
+		acl = "private"
 	}
 
 	fileExt := filepath.Ext(local)
@@ -128,13 +128,13 @@ func (a *AWS) Upload(local, remote string) error {
 			return err
 		}
 
-		logrus.Debugf("'%s' not found in bucket, uploading with content-type '%s' and permissions '%s'", local, contentType, access)
+		logrus.Debugf("'%s' not found in bucket, uploading with content-type '%s' and permissions '%s'", local, contentType, acl)
 		putObject := &s3.PutObjectInput{
 			Bucket:      aws.String(p.settings.Bucket),
 			Key:         aws.String(remote),
 			Body:        file,
 			ContentType: aws.String(contentType),
-			ACL:         aws.String(access),
+			ACL:         aws.String(acl),
 			Metadata:    metadata,
 		}
 
@@ -218,27 +218,27 @@ func (a *AWS) Upload(local, remote string) error {
 				return err
 			}
 
-			previousAccess := "private"
+			previousACL := "private"
 			for _, g := range grant.Grants {
 				gt := *g.Grantee
 				if gt.URI != nil {
 					if *gt.URI == "http://acs.amazonaws.com/groups/global/AllUsers" {
 						if *g.Permission == "READ" {
-							previousAccess = "public-read"
+							previousACL = "public-read"
 						} else if *g.Permission == "WRITE" {
-							previousAccess = "public-read-write"
+							previousACL = "public-read-write"
 						}
 					}
 					if *gt.URI == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" {
 						if *g.Permission == "READ" {
-							previousAccess = "authenticated-read"
+							previousACL = "authenticated-read"
 						}
 					}
 				}
 			}
 
-			if previousAccess != access {
-				logrus.Debugf("permissions for '%s' have changed from '%s' to '%s'", remote, previousAccess, access)
+			if previousACL != acl {
+				logrus.Debugf("permissions for '%s' have changed from '%s' to '%s'", remote, previousACL, acl)
 				shouldCopy = true
 			}
 		}
@@ -248,12 +248,12 @@ func (a *AWS) Upload(local, remote string) error {
 			return nil
 		}
 
-		logrus.Debugf("updating metadata for '%s' content-type: '%s', ACL: '%s'", local, contentType, access)
+		logrus.Debugf("updating metadata for '%s' content-type: '%s', ACL: '%s'", local, contentType, acl)
 		copyObject := &s3.CopyObjectInput{
 			Bucket:            aws.String(p.settings.Bucket),
 			Key:               aws.String(remote),
 			CopySource:        aws.String(fmt.Sprintf("%s/%s", p.settings.Bucket, remote)),
-			ACL:               aws.String(access),
+			ACL:               aws.String(acl),
 			ContentType:       aws.String(contentType),
 			Metadata:          metadata,
 			MetadataDirective: aws.String("REPLACE"),
@@ -281,13 +281,13 @@ func (a *AWS) Upload(local, remote string) error {
 		return err
 	}
 
-	logrus.Debugf("uploading '%s' with content-type '%s' and permissions '%s'", local, contentType, access)
+	logrus.Debugf("uploading '%s' with content-type '%s' and permissions '%s'", local, contentType, acl)
 	putObject := &s3.PutObjectInput{
 		Bucket:      aws.String(p.settings.Bucket),
 		Key:         aws.String(remote),
 		Body:        file,
 		ContentType: aws.String(contentType),
-		ACL:         aws.String(access),
+		ACL:         aws.String(acl),
 		Metadata:    metadata,
 	}
 
diff --git a/plugin/impl.go b/plugin/impl.go
index 13b9150..d1536a9 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
@@ -19,7 +19,7 @@ type Settings struct {
 	Source                 string
 	Target                 string
 	Delete                 bool
-	Access                 map[string]string
+	ACL                    map[string]string
 	CacheControl           map[string]string
 	ContentType            map[string]string
 	ContentEncoding        map[string]string