Cost Strategy

Why CloudWatch Logs Costs More Than You Expect - The Cost Structure of Ingestion, Storage, and Analysis

This article explains the pricing structure where CloudWatch Logs ingestion costs over 20 times more than storage, the cost explosions caused by VPC Flow Logs and Lambda logs, and optimization strategies using the Infrequent Access class and S3 export.

約 6 分で読めます

Ingestion Costs Dominate the Cost Structure

CloudWatch Logs pricing consists of three components. Ingestion charges apply when sending log data to CloudWatch Logs, at $0.76 per GB in ap-northeast-1. Storage charges are billed monthly for stored log data, at $0.033 per GB per month. Analysis (Logs Insights) charges apply based on the amount of data scanned by queries, at $0.0076 per GB. The key takeaway is that ingestion costs are approximately 23 times higher than storage costs. Ingesting 1 GB of logs costs $0.76, while storing that same log for one month costs only $0.033. In other words, the majority of CloudWatch Logs costs come from ingestion. Shortening log retention periods has limited cost-reduction impact; reducing the volume of ingested logs is the most effective cost-saving measure.

Three Patterns That Cause Cost Explosions

There are three patterns where CloudWatch Logs costs become unexpectedly high. First, VPC Flow Logs. Sending VPC Flow Logs to CloudWatch Logs generates logs proportional to network traffic volume. In high-traffic VPCs, tens of gigabytes of flow logs can be generated per day. Ingesting 1 TB of flow logs per month costs $760 in ingestion charges alone. Sending VPC Flow Logs directly to S3 is cheaper, as there are no ingestion charges and you only pay S3 storage costs ($0.025/GB). Second, Lambda function logs. Lambda automatically sends START, END, and REPORT logs to CloudWatch Logs for each execution. A function that runs 1 million times per day generates a significant volume of logs from this alone. If the function heavily uses console.log, log volume increases further. Third, forgotten debug logs. Deploying to production with DEBUG-level logging still enabled can increase log volume by 10 to 100 times the normal amount.

Infrequent Access Class - Cutting Ingestion Costs in Half

The CloudWatch Logs Infrequent Access (IA) class, introduced in 2023, can reduce ingestion costs by approximately 50%. The IA class ingestion rate is $0.38 per GB (half of Standard), while the storage rate remains the same at $0.033/GB. The limitation of the IA class is that Logs Insights queries are not available. You must use Live Tail or filter patterns to search logs. The recommended approach is to use the Standard class for logs that are frequently queried for analysis, and the IA class for logs where storage is the primary purpose and analysis frequency is low. The class is specified when creating a log group. The class of an existing log group cannot be changed, so migrating to the IA class requires creating a new log group and redirecting the log destination. Lambda logs are automatically sent to a log group named /aws/lambda/function-name, but since you can change the log group in the Lambda configuration, switching to an IA class log group is possible.

S3 Export and Firehose - The Optimal Solution for Long-Term Storage

For long-term log storage, S3 is significantly cheaper than CloudWatch Logs. CloudWatch Logs storage costs $0.033/GB, while S3 Standard costs $0.025/GB and S3 Glacier Instant Retrieval costs $0.005/GB. There are two ways to export logs from CloudWatch Logs to S3. The CreateExportTask API batch-exports logs for a specified time period to S3. However, only one export task can run at a time per region, which can be time-consuming in environments with many log groups. Subscription filters using Kinesis Data Firehose deliver logs to S3 in real time. While Firehose data processing charges ($0.036/GB) apply, this is inexpensive compared to CloudWatch Logs ingestion charges ($0.76/GB). The most efficient architecture is to send logs to both CloudWatch Logs and S3. Store logs in CloudWatch Logs for a short period (7 to 30 days) for real-time monitoring and alarms, and store them in S3 for long-term retention and analysis with Athena.

Practical Techniques for Reducing Log Volume

The most effective way to reduce costs is to reduce the volume of ingested logs. First, set appropriate log levels. In production environments, set the log level to INFO or WARN and avoid outputting DEBUG-level logs. Controlling the log level via environment variables allows you to switch to DEBUG only when debugging is needed. Second, use sampling. If you do not need to log every request, record only a certain percentage. For example, logging only 10% of requests reduces log volume to one-tenth. Third, use structured logging. Using JSON-formatted structured logs and including only necessary fields reduces the data volume per line. Instead of including the full stack trace in logs, recording only the error message and the first few lines is also effective. Fourth, use metric filters. Extracting metrics from logs and storing them as CloudWatch metrics allows you to shorten the retention period of the logs themselves. For a systematic approach to log management cost optimization, specialized books on Amazon are a helpful reference.

Related Services

Amazon CloudWatchA service that provides monitoring, log management, and alarms for AWS resources and applicationsAmazon S3A scalable object storage service

Related Articles

Why CloudWatch Has 1-Minute and 5-Minute Metrics - The Trade-off Between Monitoring Granularity and CostThis article explains the technical and economic reasons behind the split between CloudWatch basic monitoring (5 minutes) and detailed monitoring (1 minute), the step-down aggregation of metric retention periods, and the high-resolution mode for custom metrics.Inside AWS Pricing - How Per-Second, Per-Millisecond, and Per-Request Billing Actually WorksDiscover how AWS's diverse billing granularities, including EC2's per-second billing, Lambda's per-millisecond billing, and S3's per-request billing, are measured, aggregated, and invoiced through the metering system.The Real Reason NAT Gateway Is Expensive - How Data Processing Charges Work and How to Avoid ThemBreak down the mechanisms behind NAT Gateway's high hourly and data processing charges, and explore practical cost-reduction strategies including VPC endpoints, NAT instances, and IPv6 migration.

More on This Topic

Inside AWS Pricing - How Per-Second, Per-Millisecond, and Per-Request Billing Actually WorksDiscover how AWS's diverse billing granularities, including EC2's per-second billing, Lambda's per-millisecond billing, and S3's per-request billing, are measured, aggregated, and invoiced through the metering system.90% of AWS Is Born from Customer Feedback - Working Backwards and Customer-Driven InnovationWe explain how the Working Backwards process and the Customer Obsession principle shape AWS service development. Learn about the innovation mechanism that starts with PR/FAQ documents and the process for incorporating customer feedback.AWS's Culture of Price Reductions - The Flywheel and Economies of Scale Behind 100+ Price Cuts Since 2006This article analyzes AWS's culture of passing scale benefits on to customers through price reductions, examining the economies of scale, hardware generation transitions, and competitive strategy behind it, with examples of major past price cuts and their impact.Why AWS Pricing Is So Complex - The Economics and Game Theory Behind Pay-As-You-GoWe break down the three-tier pricing structure of On-Demand, Reserved Instances, and Spot Instances through the lens of airline yield management and demand forecasting economics, explaining the rational reasons behind the complexity of AWS pricing.Cost Management with AWS Budgets - Budget Alerts and Automated ActionsSet alerts on both actual and forecasted values, and use Budget Actions to automatically apply IAM policies or stop instances. Integrate with Slack to raise cost awareness across the team.Cloud Cost Budget Management - Spending Controls and Alerts with AWS BudgetsLearn how to set budgets, configure cost alerts, and automate actions with AWS Budgets. This article covers choosing budget types, comparing Budgets with Cost Explorer, and managing organization-wide budgets through Organizations integration.Resource Optimization with AWS Compute Optimizer - Instance RightsizingAnalyze CloudWatch metrics with ML to generate rightsizing recommendations for EC2, Lambda, EBS, and ECS Fargate. Learn about Graviton migration recommendations and improving accuracy with enhanced metrics.Compute Resource Optimization - Rightsizing with AWS Compute OptimizerLearn about resource rightsizing with AWS Compute Optimizer. Covers recommendations for EC2, Lambda, EBS, and ECS on Fargate, cost savings estimates, and implementation steps.

Similar Articles and Services

Operational Monitoring in Practice - Achieving Full-Stack Observability with CloudWatchLearn about operational monitoring design with AWS CloudWatch, including metrics collection, log analysis, and alarm configuration for comprehensive observability.Building Unified Monitoring with Amazon CloudWatch - Designing Metrics, Logs, and AlarmsBuild unified monitoring with the three pillars of metrics, logs, and alarms. This article covers interactive analysis with Logs Insights, high-precision notifications with composite alarms, and leveraging Embedded Metric Format.The Integration Power of the AWS Observability Stack - Operational Transparency Through CloudWatch, X-Ray, and CloudTrailThis article examines the integration level of the AWS observability stack centered on CloudWatch, X-Ray, and CloudTrail, comparing it with Azure Monitor and GCP Cloud Logging to explain how the three pillars of metrics, traces, and logs drive differences in operational quality.Amazon Security LakeA data lake service that centralizes security data in OCSF format