What are the LogDelivery Operation, XXX--S3-Egress-Bytes, or XXX--S3-Egress-ComprBytes charges on my AWS bill?

Last updated: 2019-11-12

I'm seeing charges for LogDelivery Operation, XXX--S3-Egress-Bytes, or XXX--S3-Egress-ComprBytes on my AWS bill. How can I verify these charges and reduce them in the future?

Short Description

LogDelivery Operation, XXX--S3-Egress-Bytes, and XXX--S3-Egress-ComprBytes charges indicate that VPC Flow Logs or Global Accelerator flow logs are configured to transfer data to Amazon Simple Storage Service (Amazon S3). You can use AWS usage reports to manually calculate the cost of transferring your data to Amazon S3. Then, compare these results with the charges in your AWS bill to verify them. Finally, you can implement recommended cost savings strategies to reduce future charges.

Note: XXX represents the three-digit Region code for the Region where logs have been configured.

Resolution

Generate a report of your Amazon CloudWatch charges

  1. Open the AWS Billing console.
  2. In the navigation pane, choose Cost & Usage Reports.
  3. Choose AWS Usage Report.
  4. For Services, choose AmazonCloudWatch.
  5. For Usage Types, choose All Usage Types.
  6. For Operation, choose All Operations.
  7. For Time Period, choose the time period that you're investigating.
  8. For Report Granularity, it's a best practice to choose Days, because large usage reports might be truncated.
  9. Choose Download report (CSV).

Review your Amazon CloudWatch usage report

In the usage report that you downloaded, create a table to filter by Operation - LogDelivery. In the table, review the data for the following usages types:

  • XXX--S3-Egress-Bytes: Amount of logs bytes generated. This value is useful for calculating cost.
  • XXX--S3-Egress-ComprBytes: Amount of log bytes transferred to Amazon S3 after logs are compressed. This value is useful for calculating the amount of data sent to Amazon S3.

Note: Logs are compressed and then transferred to Amazon S3 for storage.

Calculate cost based on the amount of data sent

  1. Filter your table by XXX-S3-Egress-Bytes.
  2. Calculate the sum of all of the UsageValues. This represents the total amount of logs processed in bytes.
  3. Divide the number of bytes by 1024^3 (1024*1024*1024) to convert bytes to gigabytes.
  4. Refer to the Logs tab on the Amazon CloudWatch Pricing page to calculate the cost of the logs sent to Amazon S3.
    Note: If you qualify for the AWS Free Usage Tier, the first 5 GB of data sent to Amazon S3 is free.
  5. Calculate the cost of bytes transferred. For example, if you qualify for the AWS Free Usage Tier and have 78 GB of log data delivered to Amazon S3:
    Subtract the first 5 GB from the total gigabytes (78-5 = 73)
    Then, multiply the resulting value (73) by $0.25 (the cost per GB of log data sent to Amazon S3 for the first 10 TB) = $18.25

Verify the amount of compressed data sent with Amount of data in S3 bucket

  1. Filter by XXX-S3-Egress-ComprBytes.
  2. Calculate the sum of all of the UsageValue values. This indicates the total amount of compressed data sent to the S3 bucket.
  3. Divide the number of bytes by 1024^3 (1024*1024*1024) to convert bytes to gigabytes.
  4. Open the S3 bucket where the logs are saved. Navigate inside the bucket and select concerned month.
  5. Choose ActionsGet total size. The value that this action returns should be close to the value that you calculated above.

Reduce future costs by minimizing the amount of data generated

Based on your use case, consider implementing some or all of the following cost reduction strategies:

  • Enable VPC Flow Logs only when troubleshooting.
  • Enable VPC Flow Logs only for selected elastic network interfaces that require continued monitoring.
  • Enable logging only for REJECT/ACCEPT traffic per the requirements of your use case.

Did this article help you?

Anything we could improve?


Need more help?