diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index 22dff835..529380f1 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -37,6 +37,9 @@ spec:
 {{- if .Values.initConfig.enabled }}
 checksum/init-config: {{ include (print $.Template.BasePath "/configmap-init-config.yaml") . | sha256sum }}
 {{- end }}
+ {{- if .Values.aws }}
+ checksum/aws-secret: {{ include (print $.Template.BasePath "/secret-aws.yaml") . | sha256sum }}
+ {{- end }}
 {{- if .Values.podTemplate.annotations }}
 {{- toYaml .Values.podTemplate.annotations | nindent 8 }}
 {{- end }}
@@ -86,10 +89,12 @@ spec:
 {{- if .Values.gitconfig }}
 - name: gitconfig-volume
 secret:
+ defaultMode: 0660
 secretName: {{ template "atlantis.fullname" . }}-gitconfig
 {{- else if .Values.gitconfigSecretName }}
 - name: gitconfig-volume
 secret:
+ defaultMode: 0660
 secretName: {{ .Values.gitconfigSecretName }}
 {{- end }}
 {{- if .Values.netrc }}
@@ -526,11 +531,12 @@ spec:
 readOnly: true
 mountPath: {{ $.Values.aws.directory | default "/home/atlantis/.aws" }}/{{ $filename }}
 subPath: {{ $filename }}
- {{- else if has $filename (list "awsSecretName") }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.awsSecretName }}
 - name: aws-volume
 readOnly: true
- mountPath: {{ $.Values.aws.directory | default "/home/atlantis/.aws" }}
- {{- end }}
+ mountPath: {{ .Values.aws.directory | default "/home/atlantis/.aws" }}
 {{- end }}
 {{- if .Values.tlsSecretName }}
 - name: tls
diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml
index 552bbf1c..e84acc6e 100644
--- a/charts/atlantis/tests/statefulset_test.yaml
+++ b/charts/atlantis/tests/statefulset_test.yaml
@@ -332,6 +332,7 @@ tests:
 value:
 name: gitconfig-volume
 secret:
+ defaultMode: 432
 secretName: my-release-atlantis-gitconfig
 - equal:
 path: spec.template.spec.containers[0].volumeMounts[?(@.name ==
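Review bot: In charts/atlantis/templates/statefulset.yaml, hunk `@@ -86,10 +89,12 @@`, both `gitconfig-volume` secrets now get `defaultMode: 0660`, which sets the group-write bit on files that presumably hold git credentials. Secret volumes are projected read-only as far as I know, so the write bit grants nothing useful and `defaultMode: 0440` would state least privilege; if 0660 is needed by something outside this hunk, a one-line comment above each entry giving the reason would stop the next reader from tightening it blindly. The value is also an unquoted leading-zero integer, so it relies on the octal reading that the two hunks in tests/statefulset_test.yaml pin as `432`; a comment there such as `# 0660 octal` would make the link obvious. The volumes list starts and ends outside the hunk.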
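Review bot: In charts/atlantis/templates/statefulset.yaml, hunk `@@ -526,11 +531,12 @@`, the `{{- if .Values.awsSecretName }}` mount is no longer tied to the per-file `subPath` branch above it, so a release that sets both appears to render a whole-directory mount of `aws-volume` at the `.aws` path alongside file mounts beneath it from the same volume name. The volume definition and the opening `range`/`if` are outside the hunk, so which secret actually backs `aws-volume` in that case cannot be confirmed from here; a template comment such as `{{- /* awsSecretName mounts the whole directory; do not combine with the per-file subPath mounts */}}` or an explicit guard would make the precedence clear. The block also evaluates `.Values.aws.directory` when only `awsSecretName` is set, which fails to render if the chart's values do not default `aws` to a map; `{{ (default dict .Values.aws).directory | default "/home/atlantis/.aws" }}` avoids depending on that.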
@@ -351,6 +352,7 @@ tests:
 value:
 name: gitconfig-volume
 secret:
+ defaultMode: 432
 secretName: atlantis-gitconfig
 - equal:
 path: spec.template.spec.containers[0].volumeMounts[?(@.name ==