What are the ####-VendedLog-Bytes charges on my AWS bill?

Short description

Note: In this article, #### represents the AWS Region code for the Region where you configured the logs. For example, USE1 is the Region code for us-east-1.

AWS services publishes the Amazon CloudWatch Vended logs for the customer. For example, if you configure Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to transfer data to Amazon CloudWatch Logs, then ####-VendedLog-Bytes charges appear in Cost Explorer. If you use Amazon Simple Storage Service (Amazon S3) to store your logs, then ####-S3-Egress-Bytes charges appear in Cost Explorer. If you transfer logs to Amazon Data Firehose, then ####-FH-Egress-Bytes charges appear in Cost Explorer.

You can use CloudWatch Vended Logs to transfer logs from the following AWS services to CloudWatch Logs, Amazon S3, or Amazon Data Firehose:

• Amazon VPC
• AWS Global Accelerator (S3 only)
• Amazon Route 53 Resolver (CloudWatch Logs/S3 only)
• AWS WAF

For more information about how charges are calculated for vended logs, see Amazon CloudWatch pricing. You can also use AWS Data Exports to manually calculate the cost to transfer your data to Amazon S3.

Resolution

Use Cost Explorer to view charges

To view vended logs costs for transfers to CloudWatch Logs, complete the following steps:

1. Open the AWS Billing and Cost Management console.
2. In the navigation pane, choose Cost Explorer.
3. From the Report parameter pane, apply the following filters:
   For Time, choose the relevant dates.
   For Granularity, choose Daily.
   For Dimension, choose Usage type.
   Under Filters, for Service, select CloudWatch. Then, choose Apply.
   For Usage type, enter vended in the search field, and then select the vended logs that you want to review.
4. Choose Apply filter.

The results include two graphs that show the daily volume of logs and the corresponding costs. You can compare how the log volume changes in relation to the workloads in your environment.

If you have activated resource-level data at daily granularity in Cost Explorer, then you can identify CloudWatch Logs log groups with high usage. Complete the following steps:

1. Open the AWS Billing and Cost Management console.
2. In the navigation pane, choose Cost Explorer.
3. From the Report parameter pane, apply the following filters:
   For Dimension, choose Resource.
   For Usage Type, enter vended in the search field, and then select the vended logs that you want to review. Choose Apply.

To identify vended logs that are sent to Amazon S3, complete the following steps

1. Open the AWS Billing and Cost Management console.
2. In the navigation pane, choose Cost Explorer.
3. From the Report parameter pane, apply the following filters:
   For Dimension, choose Resource.
   For Usage Type choose S3-Egress-Bytes.

(Optional) Use AWS Data Exports to manually view charges

You can use the Data Exports page on the AWS Billing and Management console to create data exports. Compare the costs with the charges in your AWS bill, and implement the cost savings strategies to reduce your charges. To include individual resource IDs in your report, use the lineItem ResourceId line item.

Reduce future costs

Vended log charges are based on the volume of logs that you send to Amazon CloudWatch Logs, Amazon S3, or Amazon Data Firehose. To reduce future costs, reduce the quantity of logs.

If you use VPC Flow Logs, then limit your scope based on the number of elastic network interfaces. Also, turn on the feature only in the following situations:

• For specific network interfaces or subnets.
• For REJECT or ACCEPT traffic.
• When you're troubleshooting issues.

Related information

Analyzing, optimizing, and reducing CloudWatch costs