diff --git a/terraform/lb.tf b/terraform/lb.tf
index 52c6bbd..4749d05 100644
--- a/terraform/lb.tf
+++ b/terraform/lb.tf
@@ -21,6 +21,12 @@ resource "aws_lb" "lb" {
 load_balancer_type = var.loadbalancer == "alb" ? "application" : "network"
 security_groups = var.loadbalancer == "alb" ? [aws_security_group.roxprox-alb[0].id] : []

+ access_logs {
+ bucket = var.bucket_lb_logs
+ prefix = "roxprox-lb"
+ enabled = var.enable_lb_logs
+ }
+
 enable_deletion_protection = true
 }

@@ -42,7 +48,7 @@ resource "aws_lb_listener_certificate" "extra-certificates" {
 count = length(var.loadbalancer_alb_cert_extra)
 listener_arn = aws_lb_listener.lb-https.arn
 certificate_arn = element(data.aws_acm_certificate.alb_cert_extra.*.arn, count.index)
-}
+}

 resource "aws_lb_listener_rule" "lb-https-redirect" {
 count = var.loadbalancer_https_forwarding ? 1 : 0
@@ -114,4 +120,3 @@ resource "aws_lb_target_group" "envoy-proxy-https" {
 interval = 30
 }
 }
-
diff --git a/terraform/variables.tf b/terraform/variables.tf
index c317de8..0d12d81 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -51,6 +51,16 @@ variable "lb_subnets" {
 description = "loadbalancer subnets to use"
 }

+variable "enable_lb_logs" {
+ description = "true to enable logs for LB"
+ default = "false"
+}
+
+variable "bucket_lb_logs" {
+ description = "name of s3 bucket to use for lb logs"
+}
+
+
 variable "s3_bucket" {
 description = "name of s3 bucket to use"
 }
@@ -178,4 +188,4 @@ variable "datadog_extra_task_execution_policy" {
 variable "datadog_env" {
 description = "datadog APM default enviroment"
 default = "none"
-}
\ No newline at end of file
+}
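Review bot: The new `access_logs` block in `aws_lb.lb` writes to `var.bucket_lb_logs`, but nothing visible in this commit creates or documents the bucket policy that lets Elastic Load Balancing deliver objects under the `roxprox-lb` prefix. Because `load_balancer_type` switches between application and network, the log-delivery principal that policy has to allow differs between the two, and without it setting `enable_lb_logs` to true is likely to fail with an access-denied error at apply time. I would add a comment above the block, such as `# bucket policy must grant ELB log delivery s3:PutObject on roxprox-lb/* (principal differs for ALB and NLB)`, and ideally manage that policy in this module next to the load balancer. The resource block begins before the hunk, so other arguments of `aws_lb.lb` are not visible here.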
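Review bot: `enable_lb_logs` is declared with the string default `"false"` and no `type`, and `bucket_lb_logs` has no default at all, so every caller must now supply a bucket name even when logging stays off. Declaring the flag with `type = bool` and `default = false` makes a mistyped value fail at plan time instead of being coerced. For the bucket, either give it a default together with a `dynamic "access_logs"` block in lb.tf, or state in the description that it is required and must already accept load balancer log delivery. Access logs are the main request-level record for investigating traffic through this load balancer, so the description of `enable_lb_logs` should also say that logging is off by default, letting operators make that choice knowingly.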