What are the XXXX-VendedLog-Bytes or XXXX-VendedLog-YY-Byte charges on my AWS bill?

Short description

Note: In this article, XXXX represents the AWS Region code for the Region where logs have been configured. For example, USE1 is the Region code for us-east-1. YY represents the AWS service related to the charges. For example, VPC_FLOW or ROUTE_53.

XXXX-VendedLog-Bytes or XXXX-VendedLog-YY-Bytes indicate that logs are configured to transfer data to Amazon Simple Storage Service (Amazon S3).

A number of AWS services can be configured to publish logs to Amazon S3, called vended logs. For example, the following logs can post to Amazon S3:

• Amazon Virtual Private Cloud (Amazon VPC) Flow Logs
• AWS Global Accelerator flow logs
• Amazon Route 53 Resolver query logs
• AWS WAF access logs

For more information on how charges are calculated for vended logs, see Amazon CloudWatch pricing.

You can use AWS usage reports to manually calculate the cost of transferring your data to Amazon S3. Then, compare these results with the charges in your AWS bill to verify them. Finally, you can implement the suggested cost savings strategies to reduce future charges.

Resolution

Use Cost Explorer to visualize charges

1. Open Cost Explorer and choose Launch Cost Explorer.
2. From the navigation pane, choose Reports
3. Choose Create new report.
4. For Select a report type, select Cost and usage. Then, choose Create Report.
5. From the Report parameters pane, set your filters to find the relevant charges.
   For Time, choose the relevant dates.
   For Granularity, choose Daily.
   Under Filters, for Dimension, choose Service and select CloudWatch. Then, choose Apply filter.
   Add a second filter by choosing Add new filter. For Dimension Usage, enter Vended in the search field. Then, select the vended logs you want to examine. Choose Apply filter.
6. You see in two graphs illustrating the daily volume of logs and the corresponding costs. You can trend how the log volume changes in relation to the workloads in your environment.

Generate a report of CloudWatch charges

1. Open the AWS Billing console.
2. In the navigation pane, choose Cost & Usage Reports.
3. Choose AWS Usage Report.
4. For Services, choose AmazonCloudWatch.
5. For Usage Types, choose All Usage Types.
6. For Operation, choose All Operations.
7. For Time Period, choose the time period that you're investigating.
8. For Report Granularity, it's a best practice to choose Days, because large usage reports might be truncated.
9. Choose Download report (CSV).

Analyze Cost and Usage Reports

Optionally, analyze the AWS Cost and Usage Reports (AWS CUR) you generated in the prior section using a spreadsheet application, such as Microsoft Excel.

This report presents similar data to the graphs in the Use Cost Explorer to visualize charges section of this article. However, you can use this method if you want more granular information. In the spreadsheet applicable of your choice, you can filter by log types, Regions, or timeframes.

For example, compare the UsageType field and the vended logs under investigation in the XXXX-VendedLog-YY-Bytes field. The UsageValue column reflects the volume of log data in bytes. To correlate UsageValue the AWS CUR report with the Usage (GB) value in the Cost Explorer graph, convert bytes to gibibytes.

Reduce future costs

Vended log charges are based on the volume of logs sent to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. Consider configuration options or strategies to reduce the quantity of logs to reduce future fees. For example, if you're using VPC Flow Logs:

• Turn on VPC Flow Logs only when troubleshooting.
• Limit scope based on elastic network interfaces (ENIs).
• Turn on flow logs for only select ENIs or subnets.
• Turn on flow logs for only REJECT/ACCEPT traffic.

Related information

Analyze CloudWatch cost and usage data with Cost Explorer

What are AWS Cost and Usage Reports?

---