diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index 93c204ccf..f35480649 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -90,7 +90,6 @@ data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
     effect = "Allow"
 
     actions = [
-      "logs:CreateLogGroup",
       "logs:CreateLogStream",
       "logs:PutLogEvents",
       "logs:DescribeLogGroups",