AWSAmazon CloudWatch LogsObservability

aws_cloudwatch_log_group cost estimation

A log group for storing application and AWS service logs. Priced by ingestion ($0.50/GB), storage ($0.03/GB-month), and queries.

An aws_cloudwatch_log_group is a container for log streams. CloudWatch Logs is often the second-biggest cost surprise in AWS bills, behind NAT Gateway. Pricing has three main dimensions.

First, ingestion. Every log line written costs $0.50/GB (in us-east-1; other regions similar). This is the dominant cost for high-volume applications. A microservice writing 10 GB/day of structured JSON logs pays $150/month in ingestion alone, per service.

Second, storage. Stored logs are billed at $0.03/GB-month. Cheap compared to ingestion, but adds up over long retention windows. Default retention is "Never Expire," which is almost always wrong.

Third, query execution. CloudWatch Logs Insights queries cost $0.005/GB scanned. A query over a year of logs across multiple log groups can scan terabytes, costing tens of dollars per query. Not catastrophic, but watch for runaway query patterns.

Other features add cost: - Log archival to S3 (CreateExportTask): the export itself is free, but stored S3 data is billed at S3 rates (much cheaper than CloudWatch storage long-term). - Subscription filters to Kinesis or Lambda: free for the subscription; cost is on the destination resource. - Vended logs (logs written by AWS services like VPC Flow Logs, ALB logs): same ingestion + storage pricing as regular logs.

c3x estimates the per-log-group cost only when retention_in_days and expected daily ingestion are specified in c3x-usage.yml. Without usage data, c3x shows the per-GB rates and flags the resource as usage-dependent.

Terraform example

A minimal but realistic configuration that C3X can estimate.

resource "aws_cloudwatch_log_group" "api" {
  name              = "/aws/lambda/api-function"
  retention_in_days = 30

  tags = {
    Environment = "production"
  }
}

Pricing dimensions

What you actually pay for when you provision aws_cloudwatch_log_group.

DimensionUnitWhat's being charged
Ingestionper GB ingestedEvery log line written. Dominant cost for verbose applications.
$0.50/GB in us-east-1
Storageper GB-monthStored logs after ingestion, billed by retention period.
$0.03/GB-month
Logs Insights queriesper GB scannedCost of running ad-hoc queries against logs.
$0.005/GB scanned
Vended logssame as standard logsVPC Flow Logs, ALB access logs, etc. written to CloudWatch use the same per-GB rates.
Log group level (Infrequent Access tier)per GB ingestedSetting log_group_class = INFREQUENT_ACCESS reduces ingestion to $0.25/GB but limits features and prevents subscription filters.
$0.25/GB ingestion

Optimization tips

Common ways to reduce aws_cloudwatch_log_group cost without changing the workload.

Set retention_in_days on every log group

Storage cost in long-running accounts

Default is infinite retention. Most logs have value for 7-30 days. Setting retention = 30 cuts long-term storage cost by an order of magnitude.

Reduce log verbosity in production

70-90%

Many applications log at DEBUG level in production. Each log line costs $0.50/GB. Switching to INFO or WARN and trimming verbose tracing payloads can cut log bills by 70-90%.

Archive cold logs to S3

90%+ on long-term log storage

Set up a Lambda or use CreateExportTask to move logs older than 30 days to S3 (then to Glacier). S3 storage is ~10x cheaper than CloudWatch, Glacier 100x cheaper.

Use Infrequent Access tier for compliance-only logs

50% on ingestion

If a log group is only kept for compliance and rarely queried, log_group_class = INFREQUENT_ACCESS halves ingestion cost (loses some real-time query features).

Drop high-volume health-check logs

Workload-dependent

Health-check, heartbeat, and constant-polling endpoints generate huge log volumes for no value. Filter them at the application or use log subscription filters.

FAQ

Why is my CloudWatch Logs bill so high?

Usually ingestion, not storage. A single Lambda function logging large request/response payloads at DEBUG can ingest 50+ GB/day. Across services it adds up. Audit log levels and verbose tracing first.

Are VPC Flow Logs billed as CloudWatch Logs?

Yes if you write VPC Flow Logs to CloudWatch (the default). They're often surprisingly large — multi-GB per day even for small VPCs. Writing them to S3 instead avoids CloudWatch ingestion fees, but you lose some real-time query capability.

Does c3x estimate CloudWatch Logs cost from Terraform alone?

Not without usage data. Log volume is application-specific and can't be inferred from the resource definition. Add expected daily_ingestion_gb on each log group in c3x-usage.yml.

What's the Infrequent Access log class?

A cheaper tier for logs you rarely query in real-time. Halves ingestion cost ($0.25/GB) but limits features: no subscription filters, no live tail, no Insights interactive queries (you can still query, just slower). Right for audit/compliance archives.

Related resources

AWS
aws_lambda_function

Lambda functions automatically write to log groups

AWS
aws_s3_bucket

Cheaper long-term archive destination

AWS
aws_kinesis_data_stream

Streaming alternative for very high log volumes

Estimate this resource in your own Terraform

Free, open source, no API key. C3X parses your Terraform and shows line-item cost for every resource, including aws_cloudwatch_log_group.

Get StartedStar on GitHub
← Browse all AWS resources