diff --git a/README.md b/README.md
index aa060ab..da8b058 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ The following resources will be created:
 | autoscaling\_default\_cooldown | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. | `number` | `300` | no |
 | autoscaling\_health\_check\_grace\_period | The length of time that Auto Scaling waits before checking an instance's health status. The grace period begins when an instance comes into service. | `number` | `300` | no |
 | backup | Assing a backup tag to efs resource - Backup will be performed by AWS Backup. | `string` | `"true"` | no |
+| cw\_retention\_period | Retention period (in days) for Cloud Watch log group. Default to Never Expire. | `number` | `0` | no |
 | domain\_name | Domain name to point to openvpn container for external access | `string` | `"vpn.address"` | no |
 | hosted\_zone | Hosted Zone to create DNS record for this app | `string` | `""` | no |
 | hosted\_zone\_id | Hosted Zone ID to create DNS record for this app (prefer this instead of hosted\_zone) | `string` | `""` | no |
diff --git a/_variables.tf b/_variables.tf
index c34b46d..5389425 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -167,6 +167,11 @@ variable "lb_access_logs_prefix" {
   description = "Bucket prefix to store lb access logs."
 }
 
+variable "cw_retention_period" {
+  default     = 0
+  description = "Retention period (in days) for Cloud Watch log group. Default to Never Expire."
+}
+
 variable "alb_ssl_policy" {
   default     = "ELBSecurityPolicy-2016-08"
   type        = string
diff --git a/cloudwatch-task-logs.tf b/cloudwatch-task-logs.tf
index db4f586..6a696c2 100644
--- a/cloudwatch-task-logs.tf
+++ b/cloudwatch-task-logs.tf
@@ -1,3 +1,5 @@
 resource "aws_cloudwatch_log_group" "default" {
   name = "ecs-openvpn-${var.name}"
+
+  retention_in_days = var.cw_retention_period
 }
\ No newline at end of file