diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1693cb..bbcdf55 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - Added Termination Policy Option to worker ASGs (by @undeadops)
 - Update EBS optimized instances type (by @gloutsch)
+- Enable log retention for cloudwatch log groups (by @yuriipolishchuk)
+
 ### Changed
diff --git a/README.md b/README.md
index 7628014..6de9293 100644
--- a/README.md
+++ b/README.md
@@ -114,6 +114,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | string | `"false"` | no |
 | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | string | `"true"` | no |
 | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no |
+| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days | string | `"90"` | no |
 | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
 | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `""` | no |
 | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `"1.12"` | no |
diff --git a/cluster.tf b/cluster.tf
index dc789ee..9f27005 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -1,3 +1,10 @@
+resource "aws_cloudwatch_log_group" "this" {
+ name = "/aws/eks/${var.cluster_name}/cluster"
+ retention_in_days = "${var.cluster_log_retention_in_days}"
+
+ count = "${length(var.cluster_enabled_log_types) > 0 ? 1 : 0}"
+}
+
 resource "aws_eks_cluster" "this" {
 name = "${var.cluster_name}"
 enabled_cluster_log_types = "${var.cluster_enabled_log_types}"
@@ -19,6 +26,7 @@ resource "aws_eks_cluster" "this" {
 depends_on = [
 "aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
 "aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
+ "aws_cloudwatch_log_group.this",
 ]
 }
diff --git a/variables.tf b/variables.tf
index e432723..0061755 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,6 +4,11 @@ variable "cluster_enabled_log_types" {
 type = "list"
 }
+variable "cluster_log_retention_in_days" {
+ default = "90"
+ description = "Number of days to retain log events. Default retention - 90 days."
+}
+
 variable "cluster_name" {
 description = "Name of the EKS cluster. Also used as a prefix in names of related resources."
 }
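Review bot: In the first cluster.tf hunk, the `count` on `aws_cloudwatch_log_group.this` ties the group's lifetime to `cluster_enabled_log_types`, so emptying that list later makes Terraform destroy the group together with every control-plane log event it still holds. A comment above `count` would make that visible, e.g. `# Emptying cluster_enabled_log_types destroys this group and its stored events; export them first if they must be kept.` Separately, on clusters that already had logging enabled the group `/aws/eks/${var.cluster_name}/cluster` presumably exists already, in which case the first apply after upgrading would likely fail until the group is imported; the README or changelog entry should say so. The group also sets no `kms_key_id`, so callers who need a customer-managed key for these logs cannot supply one through the module. The new resource is complete in this hunk; the `aws_eks_cluster` body continues outside it.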
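Review bot: In the second cluster.tf hunk, the new `"aws_cloudwatch_log_group.this"` entry in `depends_on` carries no explanation, although the ordering looks like the point of the change: presumably the group has to exist before the cluster so that EKS writes into it rather than creating its own group with no retention set. A one-line comment above `depends_on` would record that, e.g. `# Log group must exist before the cluster so EKS does not create it without a retention policy.` The same edge means a destroy removes the cluster first and the group second; whether late log delivery can then recreate the group outside Terraform state is worth checking. The `depends_on` list and the resource body start outside this hunk.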
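Review bot: In the variables.tf hunk, the description of `cluster_log_retention_in_days` does not say which values are valid, and the variable declares no `type`. CloudWatch Logs accepts only a fixed set of retention periods (30, 60, 90 and 365 among them) and `0` disables expiry, so an arbitrary number is caught only when the provider validates it. Suggested wording: `description = "Number of days to retain cluster log events. Must be a retention period CloudWatch Logs accepts; 0 keeps events indefinitely. Default: 90."` When `audit` is among the enabled log types, the README row should also tell operators to check the 90-day default against their own retention requirement.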