diff --git a/.tflint.hcl b/.tflint.hcl
index 12ca630..aadcfc7 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -2,9 +2,9 @@ config {
     disabled_by_default = false
     format = "compact"
     force = false
-    module = true
+    call_module_type = "all"
 }
- 
+
 plugin "aws" {
     enabled = true
     source = "github.com/terraform-linters/tflint-ruleset-aws"
diff --git a/terraform/website/main.tf b/terraform/website/main.tf
index 0a21402..46b3356 100644
--- a/terraform/website/main.tf
+++ b/terraform/website/main.tf
@@ -2,6 +2,17 @@ resource "aws_s3_bucket" "bucket" {
   bucket = var.domain
 }
 
+resource "aws_s3_bucket_logging" "bucket_logging" {
+  bucket = aws_s3_bucket.bucket.id
+
+  target_bucket = aws_s3_bucket.logs.id
+  target_prefix = "s3-access-logs/"
+}
+
+resource "aws_s3_bucket" "logs" {
+  bucket = "${var.domain}-logs"
+}
+
 resource "aws_s3_bucket_ownership_controls" "bucket" {
   bucket = aws_s3_bucket.bucket.id
   rule {
@@ -70,6 +81,13 @@ resource "aws_cloudfront_distribution" "distribution" {
   is_ipv6_enabled = true
   price_class     = "PriceClass_100"
 
+  logging_config {
+    include_cookies = false
+    bucket          = "${aws_s3_bucket.logs.bucket_regional_domain_name}"
+    prefix          = "cloudfront/"
+  }
+
+
   origin {
     domain_name = aws_s3_bucket_website_configuration.bucket.website_endpoint
     origin_id   = aws_s3_bucket.bucket.bucket_regional_domain_name