diff --git a/builtin/providers/aws/resource_aws_alb.go b/builtin/providers/aws/resource_aws_alb.go
index da26ce49b..fc5510523 100644
--- a/builtin/providers/aws/resource_aws_alb.go
+++ b/builtin/providers/aws/resource_aws_alb.go
@@ -88,6 +88,11 @@ func resourceAwsAlb() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
+						"enabled": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  true,
+						},
 					},
 				},
 			},
@@ -229,6 +234,8 @@ func resourceAwsAlbRead(d *schema.ResourceData, meta interface{}) error {
 	accessLogMap := map[string]interface{}{}
 	for _, attr := range attributesResp.Attributes {
 		switch *attr.Key {
+		case "access_logs.s3.enabled":
+			accessLogMap["enabled"] = *attr.Value
 		case "access_logs.s3.bucket":
 			accessLogMap["bucket"] = *attr.Value
 		case "access_logs.s3.prefix":
@@ -276,7 +283,7 @@ func resourceAwsAlbUpdate(d *schema.ResourceData, meta interface{}) error {
 			attributes = append(attributes,
 				&elbv2.LoadBalancerAttribute{
 					Key:   aws.String("access_logs.s3.enabled"),
-					Value: aws.String("true"),
+					Value: aws.String(strconv.FormatBool(log["enabled"].(bool))),
 				},
 				&elbv2.LoadBalancerAttribute{
 					Key:   aws.String("access_logs.s3.bucket"),
diff --git a/builtin/providers/aws/resource_aws_alb_test.go b/builtin/providers/aws/resource_aws_alb_test.go
index 168eda6c1..7cfd88b40 100644
--- a/builtin/providers/aws/resource_aws_alb_test.go
+++ b/builtin/providers/aws/resource_aws_alb_test.go
@@ -213,9 +213,8 @@ func TestAccAWSALB_accesslogs(t *testing.T) {
 					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"),
 				),
 			},
-
 			{
-				Config: testAccAWSALBConfig_accessLogs(albName, bucketName),
+				Config: testAccAWSALBConfig_accessLogs(true, albName, bucketName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSALBExists("aws_alb.alb_test", &conf),
 					resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName),
@@ -232,6 +231,27 @@ func TestAccAWSALB_accesslogs(t *testing.T) {
 					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.#", "1"),
 					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.bucket", bucketName),
 					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.prefix", "testAccAWSALBConfig_accessLogs"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.enabled", "true"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"),
+				),
+			},
+			{
+				Config: testAccAWSALBConfig_accessLogs(false, albName, bucketName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSALBExists("aws_alb.alb_test", &conf),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "false"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "50"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.#", "1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.enabled", "false"),
 					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"),
 				),
 			},
@@ -569,7 +589,7 @@ resource "aws_security_group" "alb_test" {
 }`, albName)
 }
 
-func testAccAWSALBConfig_accessLogs(albName, bucketName string) string {
+func testAccAWSALBConfig_accessLogs(enabled bool, albName, bucketName string) string {
 	return fmt.Sprintf(`resource "aws_alb" "alb_test" {
   name            = "%s"
   internal        = false
@@ -582,6 +602,7 @@ func testAccAWSALBConfig_accessLogs(albName, bucketName string) string {
   access_logs {
   	bucket = "${aws_s3_bucket.logs.bucket}"
   	prefix = "${var.bucket_prefix}"
+  	enabled = "%t"
   }
 
   tags {
@@ -676,7 +697,7 @@ resource "aws_security_group" "alb_test" {
   tags {
     TestName = "TestAccAWSALB_basic"
   }
-}`, albName, bucketName)
+}`, albName, enabled, bucketName)
 }
 
 func testAccAWSALBConfig_nosg(albName string) string {
diff --git a/website/source/docs/providers/aws/r/alb.html.markdown b/website/source/docs/providers/aws/r/alb.html.markdown
index 6d7a2358a..f0976e08b 100644
--- a/website/source/docs/providers/aws/r/alb.html.markdown
+++ b/website/source/docs/providers/aws/r/alb.html.markdown
@@ -54,6 +54,7 @@ Access Logs (`access_logs`) support the following:
 
 * `bucket` - (Required) The S3 bucket name to store the logs in.
 * `prefix` - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
+* `enabled` = (Optional) Boolean to enable / disable `access_logs`. Default is `true`
 
 ## Attributes Reference