What are the XXXX-VendedLog-Bytes or XXXX-VendedLog-YY-Byte charges on my AWS bill?

Short description

Note: In this article, XXXX represents the AWS Region code for the Region where logs have been configured. For example, USE1 is the Region code for us-east-1. YY represents the AWS service that relates to the charges, such as VPC_FLOW or ROUTE_53.
XXXX-VendedLog-Bytes or XXXX-VendedLog-YY-Bytes indicate that the logs are configured to transfer data to Amazon Simple Storage Service (Amazon S3).

Several AWS services can be configured to publish logs to Amazon S3. These logs are called vended logs. The following are examples of logs that can post to Amazon S3:

• Amazon Virtual Private Cloud (Amazon VPC) Flow Logs
• AWS Global Accelerator flow logs
• Amazon Route 53 Resolver query logs
• AWS WAF access logs

For more information on how charges are calculated for vended logs, see Amazon CloudWatch pricing.

Use AWS usage reports to manually calculate the cost of transferring your data to Amazon S3. Then, compare the costs with the charges in your AWS bill to verify them. Finally, implement the cost savings strategies to reduce future charges.

Resolution

Use Cost Explorer to visualize charges

1. Open the AWS Billing console.
2. In the navigation pane, choose Cost Explorer.
3. From the navigation pane, choose Reports
4. Choose Create new report.
5. For Select a report type, select Cost and usage. Then, choose Create Report.
6. From the Report parameters pane, set your filters to find the relevant charges.
   For Time, choose the relevant dates.
   For Granularity, choose Daily.
   For Dimension, choose Usage type.
   Under Filters, for Service, select CloudWatch. Then, choose Apply.
   For Usage Type, enter Vended in the search field. Then, select the vended logs that you want to examine. Choose Apply filter.
7. Two graphs display the daily volume of logs and the corresponding costs. You can compare how the log volume changes in relation to the workloads in your environment.

Generate a report of CloudWatch charges

1. Open the AWS Billing console.
2. In the navigation pane, choose Cost Usage Reports.
3. Choose AWS Usage Report.
4. For Services, choose AmazonCloudWatch.
5. For Usage Types, choose All Usage Types.
6. For Operation, choose All Operations.
7. For Time Period, choose the time period that you're investigating.
8. For Report Granularity, it's a best practice to choose Days, because large usage reports can be truncated.
9. Choose Download report (CSV).

(Optional) Analyze Cost and Usage Reports

You can use a spreadsheet application, such as Microsoft Excel, to analyze the AWS Cost and Usage Reports (AWS CUR) that was generated. This report presents similar data to the graphs in the Use Cost Explorer to visualize charges section of this article. You can filter the report by log types, Regions, or timeframes to have more granular information than the Cost Explorer graph.

For example, compare the UsageType field and the vended logs that you are examining in the XXXX-VendedLog-YY-Bytes field. The UsageValue column reflects the volume of log data in bytes. To correlate UsageValue in the AWS CUR report with the Usage (GB) value in the Cost Explorer graph, convert bytes to gibibytes.

Reduce future costs

Vended log charges are based on the volume of logs sent to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. To reduce future fees, review configuration options or strategies that reduce the quantity of logs. The following is an example of suggestions to consider if you use VPC Flow Logs:

• Turn on VPC Flow Logs only when troubleshooting.
• Limit scope based on elastic network interfaces (ENIs).
• Turn on flow logs for only select ENIs or subnets.
• Turn on flow logs for only REJECT/ACCEPT traffic.

Related information

Analyze CloudWatch cost and usage data with Cost Explorer