diff --git a/infra/cluster-logging.tf b/infra/cluster-logging.tf
new file mode 100644
index 0000000..f06ed82
--- /dev/null
+++ b/infra/cluster-logging.tf
@@ -0,0 +1,28 @@
+# Logging Configuration for services inside the cluster
+#######################################################
+
+# Alpha Cloudwatch logging configuration
+########################################
+resource "aws_cloudwatch_log_group" "alpha" {
+ name = "${var.athens_prefix}-alpha-log"
+ retention_in_days = 7
+}
+
+# Alpha logging role
+#####################
+resource "aws_iam_role" "alpha_iam_role" {
+ name = "${var.athens_prefix}-alpha-iam-role"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Principal = {
+ Service = [ "ecs-tasks.amazonaws.com" ]
+ }
+ Effect = "Allow"
+ }
+ ]
+ })
+}
+
diff --git a/infra/roles.tf b/infra/roles.tf
new file mode 100644
index 0000000..a21bd56
--- /dev/null
+++ b/infra/roles.tf
@@ -0,0 +1,24 @@
+resource "aws_iam_policy" "alpha_iam_policy" {
+ name = "${var.athens_prefix}-alpha-iam-policy"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents",
+ ]
+ "Resource" = "*"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "alpha_logs" {
+ role = aws_iam_role.alpha_iam_role.name
+ policy_arn = aws_iam_policy.alpha_iam_policy.arn
+}
+
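Review bot: The trust policy on `alpha_iam_role` in infra/cluster-logging.tf lets the `ecs-tasks.amazonaws.com` principal assume the role with no `Condition`. AWS recommends scoping ECS task role trust with `aws:SourceAccount` (and `aws:SourceArn` where the cluster is known) to guard against confused-deputy use. A statement entry such as `Condition = { StringEquals = { "aws:SourceAccount" = "<ACCOUNT_ID>" } }` would do, where `<ACCOUNT_ID>` is a placeholder for however this module obtains the account id. Separately, `retention_in_days = 7` on the `alpha` log group leaves a short window for investigating an incident after the fact, so a one-line comment stating why 7 days is sufficient would help.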
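Review bot: `"Resource" = "*"` in `alpha_iam_policy` (infra/roles.tf) lets the role create log groups and put events into every log group in the account, so a compromised task could write into other services' logs. The same diff already creates `aws_cloudwatch_log_group.alpha`, so the statement can be scoped to it, e.g. `Resource = [aws_cloudwatch_log_group.alpha.arn, "${aws_cloudwatch_log_group.alpha.arn}:*"]`. Check the exact ARN form against the AWS provider version in use. `logs:CreateLogGroup` can then probably be dropped because Terraform creates the group, but confirm nothing relies on the log driver auto-creating it. The quoted `"Resource"` key is also inconsistent with the unquoted keys around it.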