diff --git a/opensearch/cloudwatch.tf b/opensearch/cloudwatch.tf
new file mode 100644
index 000000000..7137e2036
--- /dev/null
+++ b/opensearch/cloudwatch.tf
@@ -0,0 +1,43 @@
+data "aws_ssm_parameter" "destination-arn" {
+ name = "/copilot/tools/central_log_groups"
+}
+
+resource "aws_cloudwatch_log_subscription_filter" "opensearch_log_group_index_slow_logs" {
+ name = "/aws/opensearch/${var.application}/${var.environment}/${var.name}/opensearch_log_group_index_slow"
+ role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/CWLtoSubscriptionFilterRole"
+ log_group_name = "/aws/opensearch/${local.domain_name}/index-slow"
+ filter_pattern = ""
+ destination_arn = jsondecode(data.aws_ssm_parameter.destination-arn.value)["prod"]
+
+ depends_on = [aws_cloudwatch_log_group.opensearch_log_group_index_slow_logs]
+}
+
+resource "aws_cloudwatch_log_subscription_filter" "opensearch_log_group_search_slow_logs" {
+ name = "/aws/opensearch/${var.application}/${var.environment}/${var.name}/opensearch_log_group_search_slow"
+ role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/CWLtoSubscriptionFilterRole"
+ log_group_name = "/aws/opensearch/${local.domain_name}/search-slow"
+ filter_pattern = ""
+ destination_arn = jsondecode(data.aws_ssm_parameter.destination-arn.value)["prod"]
+
+ depends_on = [aws_cloudwatch_log_group.opensearch_log_group_search_slow_logs]
+}
+
+resource "aws_cloudwatch_log_subscription_filter" "opensearch_log_group_es_application_logs" {
+ name = "/aws/opensearch/${var.application}/${var.environment}/${var.name}/opensearch_log_group_es_application"
+ role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/CWLtoSubscriptionFilterRole"
+ log_group_name = "/aws/opensearch/${local.domain_name}/es-application"
+ filter_pattern = ""
+ destination_arn = jsondecode(data.aws_ssm_parameter.destination-arn.value)["prod"]
+
+ depends_on = [aws_cloudwatch_log_group.opensearch_log_group_es_application_logs]
+}
+
+resource "aws_cloudwatch_log_subscription_filter" "opensearch_log_group_audit_logs" {
+ name = "/aws/opensearch/${var.application}/${var.environment}/${var.name}/opensearch_log_group_audit"
+ role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/CWLtoSubscriptionFilterRole"
+ log_group_name = "/aws/opensearch/${local.domain_name}/audit"
+ filter_pattern = ""
+ destination_arn = jsondecode(data.aws_ssm_parameter.destination-arn.value)["prod"]
+
+ depends_on = [aws_cloudwatch_log_group.opensearch_log_group_audit_logs]
+}
diff --git a/opensearch/locals.tf b/opensearch/locals.tf
index 36e6e9d68..a8fadb25f 100644
--- a/opensearch/locals.tf
+++ b/opensearch/locals.tf
@@ -15,8 +15,7 @@ locals {
 name = replace(var.name, "_", "-")
 domain_name = substr(replace("${var.environment}-${local.name}", "_", "-"), 0, 28)
 ssm_parameter_name = "/copilot/${var.application}/${var.environment}/secrets/${upper(replace("${var.name}_ENDPOINT", "-", "_"))}"
-
- master_user = "opensearch_user"
+ master_user = "opensearch_user"
 instances = coalesce(var.config.instances, 1)
 zone_awareness_enabled = local.instances > 1
diff --git a/opensearch/tests/opensearch.tftest.hcl b/opensearch/tests/opensearch.tftest.hcl
index 676e460d4..e78563045 100644
--- a/opensearch/tests/opensearch.tftest.hcl
+++ b/opensearch/tests/opensearch.tftest.hcl
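Review bot: Every one of the four subscription filters selects `["prod"]` from the central log group map regardless of `var.environment`, so a non-prod domain would forward its index-slow, search-slow, application and audit logs to the prod destination; if that is the intended design it deserves a comment such as `# every environment forwards to the "prod" central log group by design`, otherwise the lookup should be keyed on the environment. The `log_group_name` values are rebuilt as string templates and then tied to the groups with `depends_on`; referencing `aws_cloudwatch_log_group.opensearch_log_group_index_slow_logs.name` (and the matching attribute in the other three resources) gives the implicit dependency for free and guarantees each filter is attached to the group this module actually created rather than a name that can drift. `data.aws_caller_identity.current` is consumed here but not declared in this hunk, presumably in another file of the module. The role ARN is assembled around the hard-coded name `CWLtoSubscriptionFilterRole`, which nothing in the plan validates, so a missing or renamed role only surfaces at apply time.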
@@ -309,3 +309,62 @@ run "test_domain_name_truncation" {
 error_message = "Opensearch domain_name should be 'my-prod-environment-my-reall'"
 }
 }
+
+run "test_create_cloudwatch_subscription_filters" {
+ command = plan
+
+ variables {
+ application = "my_app"
+ environment = "my_env"
+ name = "my_name"
+ vpc_name = "terraform-tests-vpc"
+
+ config = {
+ engine = "2.5"
+ instance = "t3.small.search"
+ instances = 1
+ volume_size = 80
+ master = false
+ }
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_index_slow_logs.name == "/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_index_slow"
+ error_message = "Cloudwatch log subscription filter name for cloudwatch log 'opensearch_log_group_index_slow_logs' should be '/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_index_slow'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_search_slow_logs.name == "/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_search_slow"
+ error_message = "Cloudwatch log subscription filter name for cloudwatch log 'opensearch_log_group_search_slow_logs' should be '/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_search_slow'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_es_application_logs.name == "/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_es_application"
+ error_message = "Cloudwatch log subscription filter name for cloudwatch log 'opensearch_log_group_es_application_logs' should be '/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_es_application'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_audit_logs.name == "/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_audit"
+ error_message = "Cloudwatch log subscription filter name for cloudwatch log 'opensearch_log_group_audit_logs' should be '/aws/opensearch/my_app/my_env/my_name/opensearch_log_group_audit'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_index_slow_logs.log_group_name == "/aws/opensearch/my-env-my-name/index-slow"
+ error_message = "Cloudwatch log subscription filter log group name for cloudwatch log 'opensearch_log_group_index_slow_logs' should be '/aws/opensearch/my-env-my-name/index-slow'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_search_slow_logs.log_group_name == "/aws/opensearch/my-env-my-name/search-slow"
+ error_message = "Cloudwatch log subscription filter log group name for cloudwatch log 'opensearch_log_group_search_slow_logs' should be '/aws/opensearch/my-env-my-name/search-slow'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_es_application_logs.log_group_name == "/aws/opensearch/my-env-my-name/es-application"
+ error_message = "Cloudwatch log subscription filter log group name for cloudwatch log 'opensearch_log_group_es_application_logs' should be '/aws/opensearch/my-env-my-name/es-application'"
+ }
+
+ assert {
+ condition = aws_cloudwatch_log_subscription_filter.opensearch_log_group_audit_logs.log_group_name == "/aws/opensearch/my-env-my-name/audit"
+ error_message = "Cloudwatch log subscription filter log group name for cloudwatch log 'opensearch_log_group_audit_logs' should be '/aws/opensearch/my-env-my-name/audit'"
+ }
+}
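Review bot: The new run asserts only `name` and `log_group_name` on the four subscription filters, leaving `destination_arn`, `role_arn` and `filter_pattern` unchecked, so a regression in the SSM lookup key or in the role name would still pass this test. One extra assert per resource such as `condition = endswith(aws_cloudwatch_log_subscription_filter.opensearch_log_group_audit_logs.role_arn, ":role/CWLtoSubscriptionFilterRole")` would pin the role, and `filter_pattern == ""` is cheap to add alongside it. Because `command = plan` resolves `data.aws_ssm_parameter.destination-arn` and `data.aws_caller_identity.current` against a real account, this run presumably needs AWS credentials and the `/copilot/tools/central_log_groups` parameter to exist, which is worth stating in a comment on the run block or avoiding with a mocked provider.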