Lowering logs ingestion cost for CloudWatch logs

Question

hello everyone, I am trying to figure out if there's a prescribed or a custom method to lower the ingestion cost of CloudWatch logs. I understand to log only required logs and have also looked into CloudWatch Infrequent Access. I know that few services have native feature to log straight to S3 without touching CloudWatch logs. 
What I am seeing in the account is CloudTrail logs being logged to CloudWatch and massive amount of it is from S3 Data Events, then ton of VPC flow logs. Also, some non AWS application are also generating excessive logs which are raising the ingestion cost. 
I have deployed a lambda function that exports logs from CloudWatch logs to S3 but that doesn't answer the ingestion cost. Does anyone have any similar experience and a solution? Thanks.

Leo K · Answer

CloudTrail logs are primarily delivered directly to an S3 bucket. Sending them additionally to CloudWatch Logs is completely optional, and you can disable it to avoid the associated costs from CloudWatch.

VPC flow logs can optionally be sent either to S3 or CloudWatch logs. Configuring them to be delivered directly to an S3 bucket is explained in this documentation article: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html. Note that you can save on storage costs and processing costs with Athena queries or other means by configuring the VPC flow logs to use the Parquet format.

Sending logs directly to S3 for those two services won't incur any CloudWatch costs.

Lowering logs ingestion cost for CloudWatch logs

Relevant content