diff --git a/README.md b/README.md
index 12f1a1d..008ee0e 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ No modules.
 | [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes |
 | [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes |
 | [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no |
+| [enable\_cross\_zone\_lb](#input\_enable\_cross\_zone\_lb) | cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones | `bool` | `true` | no |
 | [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no |
 | [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no |
 | [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index 3a415c0..553fd5c 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,9 @@ resource "helm_release" "nginx_ingress" {
 enable_owasp = var.enable_owasp
 keepalive = var.keepalive
 # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
- upstream_keepalive_time = var.upstream_keepalive_time
+ upstream_keepalive_time = var.upstream_keepalive_time
+ # https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#cross-zone-load-balancing
+ enable_cross_zone_lb = var.enable_cross_zone_lb
 proxy_response_buffering = var.proxy_response_buffering
 default = var.controller_name == "default" ? true : false
 name_override = "ingress-${var.controller_name}"
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index 68a9880..3deba35 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -254,7 +254,7 @@ controller:
 %{~ endif ~}
 service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "${enable_cross_zone_lb}"
 externalTrafficPolicy: "Local"
 %{ if default_cert != "" }
diff --git a/variables.tf b/variables.tf
index 010920a..9bfcccf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -80,6 +80,12 @@ variable "upstream_keepalive_time" {
 default = "1h"
 }
+variable "enable_cross_zone_lb" {
+ description = "cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones"
+ type = bool
+ default = true
+}
+
 variable "proxy_response_buffering" {
 description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
 type = string
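Review bot: In templates/values.yaml.tpl the cross-zone annotation can now render as "false" while `externalTrafficPolicy: "Local"` just below it stays fixed, and nothing in the template records how the two interact. With cross-zone balancing off, each NLB node forwards only to targets in its own Availability Zone, and with the Local policy only nodes running a ready controller pod pass the load balancer health check, so a zone without such a pod would have no healthy target. Replica count and zone spread are not visible in this hunk, so this may already be handled elsewhere in the chart values. I would add a comment above the annotation, e.g. `# "false" keeps traffic within each AZ; with externalTrafficPolicy "Local" every enabled AZ needs a ready controller pod`.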
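Review bot: The description of `enable_cross_zone_lb` in variables.tf restates the AWS definition of the feature but does not tell the caller what setting it to `false` changes. Suggest `description = "Enable cross-zone load balancing on the NLB. When false, each load balancer node routes only to targets in its own Availability Zone."`. The README row added in the first hunk carries the same text and looks generated from this description, so it would need regenerating afterwards. The default of `true` matches the value that was hard-coded in the template before this change, so existing callers keep their behaviour.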