diff --git a/terraform/addons/saml-auth-proxy/README.md b/terraform/addons/saml-auth-proxy/README.md
index cae388b2b368..baaa39bac427 100644
--- a/terraform/addons/saml-auth-proxy/README.md
+++ b/terraform/addons/saml-auth-proxy/README.md
@@ -32,6 +32,7 @@ No requirements.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_alb_access_logs"></a> [alb\_access\_logs](#input\_alb\_access\_logs) | n/a | `map(string)` | `{}` | no |
 | <a name="input_alb_target_group_arn"></a> [alb\_target\_group\_arn](#input\_alb\_target\_group\_arn) | n/a | `string` | n/a | yes |
 | <a name="input_base_url"></a> [base\_url](#input\_base\_url) | n/a | `string` | n/a | yes |
 | <a name="input_cookie_max_age"></a> [cookie\_max\_age](#input\_cookie\_max\_age) | n/a | `string` | `"1h"` | no |
@@ -53,6 +54,7 @@ No requirements.
 |------|-------------|
 | <a name="output_fleet_extra_execution_policies"></a> [fleet\_extra\_execution\_policies](#output\_fleet\_extra\_execution\_policies) | n/a |
 | <a name="output_lb"></a> [lb](#output\_lb) | n/a |
+| <a name="output_lb_security_group"></a> [lb\_security\_group](#output\_lb\_security\_group) | n/a |
 | <a name="output_lb_target_group_arn"></a> [lb\_target\_group\_arn](#output\_lb\_target\_group\_arn) | Keep for legacy support for now |
 | <a name="output_name"></a> [name](#output\_name) | n/a |
 | <a name="output_secretsmanager_secret_id"></a> [secretsmanager\_secret\_id](#output\_secretsmanager\_secret\_id) | n/a |
diff --git a/terraform/addons/saml-auth-proxy/main.tf b/terraform/addons/saml-auth-proxy/main.tf
index 2148e41c4f1e..6daa975d441a 100644
--- a/terraform/addons/saml-auth-proxy/main.tf
+++ b/terraform/addons/saml-auth-proxy/main.tf
@@ -82,7 +82,7 @@ module "saml_auth_proxy_alb" {
   subnets         = var.subnets
   security_groups = [aws_security_group.saml_auth_proxy_alb.id]
   # FIXME: Get this working eventually.
-  # access_logs     = var.alb_config.access_logs
+  access_logs = var.alb_access_logs
 
   internal = true
   target_groups = [
diff --git a/terraform/addons/saml-auth-proxy/outputs.tf b/terraform/addons/saml-auth-proxy/outputs.tf
index cea09cf5b3f7..afc268f9c812 100644
--- a/terraform/addons/saml-auth-proxy/outputs.tf
+++ b/terraform/addons/saml-auth-proxy/outputs.tf
@@ -17,6 +17,10 @@ output "lb" {
   value = module.saml_auth_proxy_alb
 }
 
+output "lb_security_group" {
+  value = aws_security_group.saml_auth_proxy_alb.id
+}
+
 output "secretsmanager_secret_id" {
   value = aws_secretsmanager_secret.saml_auth_proxy_cert.id
 }
diff --git a/terraform/addons/saml-auth-proxy/variables.tf b/terraform/addons/saml-auth-proxy/variables.tf
index 66aa6677d700..f441c643e362 100644
--- a/terraform/addons/saml-auth-proxy/variables.tf
+++ b/terraform/addons/saml-auth-proxy/variables.tf
@@ -7,6 +7,11 @@ variable "alb_target_group_arn" {
   type = string
 }
 
+variable "alb_access_logs" {
+  type    = map(string)
+  default = {}
+}
+
 # variable "public_alb_security_group_id" {
 #   type = string
 # }