diff --git a/README.md b/README.md
index c7eaa21..3df8286 100644
--- a/README.md
+++ b/README.md
@@ -221,6 +221,7 @@ Available targets:
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [s3\_bucket\_name](#input\_s3\_bucket\_name) | S3 bucket name for CloudTrail logs | `string` | n/a | yes |
+| [s3\_key\_prefix](#input\_s3\_key\_prefix) | Prefix for S3 bucket used by Cloudtrail to store logs | `string` | `null` | no |
| [sns\_topic\_name](#input\_sns\_topic\_name) | Specifies the name of the Amazon SNS topic defined for notification of log file delivery | `string` | `null` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 82a9ce7..fcaaa44 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -53,6 +53,7 @@
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [s3\_bucket\_name](#input\_s3\_bucket\_name) | S3 bucket name for CloudTrail logs | `string` | n/a | yes |
+| [s3\_key\_prefix](#input\_s3\_key\_prefix) | Prefix for S3 bucket used by Cloudtrail to store logs | `string` | `null` | no |
| [sns\_topic\_name](#input\_sns\_topic\_name) | Specifies the name of the Amazon SNS topic defined for notification of log file delivery | `string` | `null` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
diff --git a/main.tf b/main.tf
index 8bec949..54cb073 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,7 @@ resource "aws_cloudtrail" "default" {
tags = module.this.tags
kms_key_id = var.kms_key_arn
is_organization_trail = var.is_organization_trail
-
+ s3_key_prefix = var.s3_key_prefix
dynamic "event_selector" {
for_each = var.event_selector
content {
diff --git a/variables.tf b/variables.tf
index bdcc98b..cb48762 100644
--- a/variables.tf
+++ b/variables.tf
@@ -71,3 +71,9 @@ variable "sns_topic_name" {
description = "Specifies the name of the Amazon SNS topic defined for notification of log file delivery"
default = null
}
+
+variable "s3_key_prefix" {
+ type = string
+ description = "Prefix for S3 bucket used by Cloudtrail to store logs"
+ default = null
+}