I get ListMetrics in CloudWatch but I do not know why

1

Hello, I got charged this month and I didn't know why. It seems it is from CloudWatch. Today I read about CloudWatch for the first time. It seems I did something which now I do not know how to stop. The support could not help me, and they said "If you do not want to be billed make less requests".


I removed all roles. Added MFA to root user. I used to drop DataDog logs using their integration (which was linked to my root user), I deleted that integration. My root user does not have credentials.

Could anyone help me figure out what I did in order to stop getting billed?

2 Answers
1

CloudTrail does not log GetMetricData API calls. So, you cannot correlate the number of such API calls to your costs using CloudTrail.

Further, if CloudTrail were to log this API call, it'd likely be a data event (a high-volume operation) which would not be listed in Event History (or it'll flood Event History rendering it pretty useless to track other events).

The supported CloudWatch API calls (actions) in CloudTrail logs (events) are listed at https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html#cw_info_in_ct

AWS
gsatur
answered a year ago
-1

From what you've posted, I can't tell what is causing the requests. However, I recommend enabling CloudTrail [1]. CloudTrail is the AWS audit system. The first trail is free other than storage fees. You can store the CloudTrail logs in an S3 bucket (I also recommend creating a lifecycle policy [2], or those logs will only accumulate, costing you money) and you can search the logs through Athena [3] or by going and downloading the logs. Through the CloudTrail logs, you should be able to find the GetMetric entries and that should tell you the ARN of what is making the requests and the user/role that is doing it. From this, you should be able to determine what is causing the costs in CloudWatch.

[1] https://aws.amazon.com/cloudtrail/
[2] https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html
[3] https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

AWS
EXPERT
answered 2 years ago
  • CloudTrail makes 90 days' worth of data available in the Console too without you needing to create a Trail (go to Event History on the menu), so you can use that interface to filter for the GetMetric and ListMetric events without having to set anything else up. If you've already stopped the integration which was causing those APIs to be called and since any Trails you create now will only contain new events, the Event History in the Console is the only way you can see related entries.
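
The log search suggested in the answer above, as an added example (not code from the thread or from AWS): it tallies CloudWatch API calls in a downloaded CloudTrail log file by event name, caller ARN and user agent. The sample records, account ID, role and user names are constructed; which CloudWatch actions actually show up depends on what CloudTrail records for the service.

```python
import gzip
import json
from collections import Counter

# eventSource value CloudTrail uses for CloudWatch API calls
CLOUDWATCH_SOURCE = "monitoring.amazonaws.com"

# Constructed identities (assumptions for the sample, not from the thread)
ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleIntegrationRole/poller"
USER = "arn:aws:iam::111122223333:user/example-admin"

def _rec(source, name, arn, agent):
    """Build a minimal record with the CloudTrail fields this script reads."""
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}, "userAgent": agent}

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records": (
    [_rec(CLOUDWATCH_SOURCE, "ListMetrics", ROLE, "example-agent/1.0")] * 3
    + [_rec(CLOUDWATCH_SOURCE, "DescribeAlarms", USER, "console.amazonaws.com")]
    + [_rec("s3.amazonaws.com", "ListBuckets", USER, "aws-cli/2.x")]
)})

def load_records(raw):
    """Accept log content as str, bytes, or gzip bytes (S3 delivers .json.gz)."""
    if isinstance(raw, bytes):
        if raw[:2] == b"\x1f\x8b":  # gzip magic number
            raw = gzip.decompress(raw)
        raw = raw.decode("utf-8")
    return json.loads(raw).get("Records", [])

def caller_of(record):
    """Best available identifier; calls made by AWS services may carry no ARN."""
    ident = record.get("userIdentity", {})
    return (ident.get("arn") or ident.get("invokedBy")
            or ident.get("principalId") or ident.get("type", "unknown"))

def summarize_cloudwatch_calls(records):
    """Count CloudWatch events per (eventName, caller, userAgent)."""
    counts = Counter()
    for rec in records:
        if rec.get("eventSource") == CLOUDWATCH_SOURCE:
            key = (rec.get("eventName", "?"), caller_of(rec), rec.get("userAgent", "?"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    summary = summarize_cloudwatch_calls(load_records(SAMPLE_LOG))
    for (name, caller, agent), n in summary.most_common():
        print(f"{n:5d}  {name:16s} {caller}  [{agent}]")
```

The caller ARN and user agent in the busiest row identify the role or user, and the client, to look at first.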
