diff --git a/cloudtrail/README.md b/cloudtrail/README.md
index c0c0db9..6910f8e 100644
--- a/cloudtrail/README.md
+++ b/cloudtrail/README.md
@@ -207,6 +207,7 @@ No modules.
 | <a name="input_additional_sqs_names"></a> [additional\_sqs\_names](#input\_additional\_sqs\_names) | List of additional SQS queues to create and subscribe to the SNS topic (if enabled) | `list(string)` | `[]` | no |
 | <a name="input_cloudtrail_bucket_prefix"></a> [cloudtrail\_bucket\_prefix](#input\_cloudtrail\_bucket\_prefix) | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"cloudtrail"` | no |
 | <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
+| <a name="input_enable_cloudwatch_logs"></a> [enable\_cloudwatch\_logs](#input\_enable\_cloudwatch\_logs) | Enable CloudWatch Logs for this CloudTrail | `bool` | `false` | no |
 | <a name="input_enable_organization"></a> [enable\_organization](#input\_enable\_organization) | Enable CloudTrail as an organization trail. This will only work in the organization master account | `bool` | `false` | no |
 | <a name="input_enable_s3_sns"></a> [enable\_s3\_sns](#input\_enable\_s3\_sns) | Flag to enable or disable the creation of SNS for the Cloudtrail S3 bucket | `bool` | `false` | no |
 | <a name="input_enable_s3_sqs"></a> [enable\_s3\_sqs](#input\_enable\_s3\_sqs) | Flag to enable or disable the creation of SQS attached to SNS for Cloudtrail S3 bucket | `bool` | `false` | no |
diff --git a/cloudtrail/cloudtrail.tf b/cloudtrail/cloudtrail.tf
index 4fd39fd..c4bd9c3 100644
--- a/cloudtrail/cloudtrail.tf
+++ b/cloudtrail/cloudtrail.tf
@@ -8,8 +8,8 @@ resource "aws_cloudtrail" "this" {
   enable_logging                = true
   kms_key_id                    = var.kms_key_arn
   sns_topic_name                = var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null
-  cloud_watch_logs_group_arn    = format("%v:*", aws_cloudwatch_log_group.this.arn)
-  cloud_watch_logs_role_arn     = aws_iam_role.cloudtrail.arn
+  cloud_watch_logs_group_arn    = var.enable_cloudwatch_logs ? format("%v:*", aws_cloudwatch_log_group.this[0].arn) : null
+  cloud_watch_logs_role_arn     = var.enable_cloudwatch_logs ? aws_iam_role.cloudtrail.arn : null
   is_organization_trail         = var.enable_organization
 
   tags = merge(
diff --git a/cloudtrail/cloudwatch.tf b/cloudtrail/cloudwatch.tf
index cd63f14..958c126 100644
--- a/cloudtrail/cloudwatch.tf
+++ b/cloudtrail/cloudwatch.tf
@@ -8,6 +8,7 @@ locals {
 }
 
 resource "aws_cloudwatch_log_group" "this" {
+  count             = var.enable_cloudwatch_logs ? 1 : 0
   name              = local.name
   kms_key_id        = var.kms_key_arn
   retention_in_days = lookup(local._defaults["cloudwatch"], "retention_in_days", 7)
diff --git a/cloudtrail/variables.tf b/cloudtrail/variables.tf
index fc558cc..ae1aa04 100644
--- a/cloudtrail/variables.tf
+++ b/cloudtrail/variables.tf
@@ -107,3 +107,9 @@ variable "additional_s3_sqs_names" {
   type        = list(string)
   default     = []
 }
+
+variable "enable_cloudwatch_logs" {
+  description = "Enable CloudWatch Logs for this CloudTrail"
+  type        = bool
+  default     = false
+}