diff --git a/modules/vault-elb/main.tf b/modules/vault-elb/main.tf
index 83c004c8..a6be1bf4 100644
--- a/modules/vault-elb/main.tf
+++ b/modules/vault-elb/main.tf
@@ -26,10 +26,12 @@ resource "aws_elb" "vault" {
 
   # optional access_logs creation  
   dynamic "access_logs" {
-    for_each = var.access_logs == null ? [] : ["once"]
+    for_each = var.access_logs == null ? [] : [ var.access_logs ]
 
     content {
-      enabled       = lookup(access_logs.value, "enabled", lookup(access_logs.value, "bucket", null))
+      # enabled flag is optional. The user can choose to specify or not. If not specified we check if bucket param is specified and assume that
+      #  the user wants the logging to be enabled.
+      enabled       = lookup(access_logs.value, "enabled", true)
       bucket        = lookup(access_logs.value, "bucket", null)
       bucket_prefix = lookup(access_logs.value, "bucket_prefix", null)
       interval      = lookup(access_logs.value, "interval", null)