diff --git a/.github/actions/e2e/create-cluster/action.yaml b/.github/actions/e2e/create-cluster/action.yaml
index 7c4ba3a42ee1..eb81c8abeb15 100644
--- a/.github/actions/e2e/create-cluster/action.yaml
+++ b/.github/actions/e2e/create-cluster/action.yaml
@@ -113,6 +113,10 @@ runs:
 - key: CriticalAddonsOnly
 value: "true"
 effect: NoSchedule
+ cloudWatch:
+ clusterLogging:
+ enableTypes: ["*"]
+ logRetentionInDays: 30
 iam:
 serviceRolePermissionsBoundary: "arn:aws:iam::${{ inputs.account_id }}:policy/GithubActionsPermissionsBoundary"
 serviceAccounts:
@@ -152,8 +156,6 @@ runs:
 # We need to call these update iamserviceaccount commands again since the "eksctl upgrade cluster" action
 # doesn't handle updates to IAM serviceaccounts correctly when the roles assigned to them change
 eksctl update iamserviceaccount -f clusterconfig.yaml --approve
-
-
 - name: tag oidc provider of the cluster
 if: always()
 shell: bash
diff --git a/test/cloudformation/iam_cloudformation.yaml b/test/cloudformation/iam_cloudformation.yaml
index cb8a8c7a4c03..2263997cfbe2 100644
--- a/test/cloudformation/iam_cloudformation.yaml
+++ b/test/cloudformation/iam_cloudformation.yaml
@@ -148,8 +148,7 @@ Resources:
 - eks:ListFargateProfiles
 - eks:TagResource
 - eks:DescribeCluster
- Resource:
- - !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:cluster/*"
+ Resource: !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:cluster/*"
 Condition:
 StringEquals:
 aws:RequestedRegion:
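Review bot: The new `cloudWatch.clusterLogging` block in the first hunk of `create-cluster/action.yaml` has no comment saying why every control-plane log type is enabled or why 30 days was chosen, and `["*"]` hides which types that covers. I would add `# Ship all control-plane logs (api, audit, authenticator, controllerManager, scheduler) to CloudWatch; events expire after 30 days` above `cloudWatch:`. As far as I know the `/aws/eks/<cluster>/cluster` log group is not removed when the cluster is deleted, so it is worth confirming that the e2e cleanup (not visible in this diff) deletes it. Read access to these audit and authenticator logs should also be limited to the people who investigate failed runs. The cluster config this block sits in starts and ends outside the hunk.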
@@ -169,16 +168,17 @@ Resources:
 - eks:DeleteNodegroup
 - eks:DescribeNodegroup
 - eks:TagResource
- Resource:
- - !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:nodegroup/*"
+ Resource: !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:nodegroup/*"
 Condition:
 StringEquals:
 aws:RequestedRegion:
 Ref: Regions
+ - Effect: Allow
+ Action: logs:PutRetentionPolicy
+ Resource: !Sub "arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/eks/*"
 - Effect: Allow
 Action: fis:CreateExperimentTemplate
- Resource:
- - !Sub "arn:${AWS::Partition}:fis:*:${AWS::AccountId}:action/*"
+ Resource: !Sub "arn:${AWS::Partition}:fis:*:${AWS::AccountId}:action/*"
 Condition:
 StringEquals:
 aws:RequestedRegion:
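Review bot: The added `logs:PutRetentionPolicy` statement hard-codes the `aws` partition and carries no `aws:RequestedRegion` condition, while the EKS and FIS statements on either side of it in this hunk use `${AWS::Partition}` and restrict to `Regions`. As written, the role can change retention on any `/aws/eks/*` log group in every region of the account, and the ARN will not match in other partitions. I would align it with its neighbours as shown below; if the missing condition is deliberate, a comment saying why would help the next reader. The policy's statement list starts and ends outside the hunk, and the indentation below is approximate because the page has lost it.

```yaml
- Effect: Allow
  Action: logs:PutRetentionPolicy
  Resource: !Sub "arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:/aws/eks/*"
  Condition:
    StringEquals:
      aws:RequestedRegion:
        Ref: Regions
# … unchanged: fis:CreateExperimentTemplate statement …
```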