
CloudWatch

Log Groups

CloudWatch Log Groups set to "Never Expire" retention can accumulate massive storage costs over time.

Implementation Effort: Low - Estimated time: less than 30 minutes. Set a retention policy on the log group via console or CLI.

We detect log groups without an expiration policy and recommend setting appropriate retention periods. Exceptions apply for compliance-critical logs like CloudTrail and VPC Flow Logs, which may require long-term retention.
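The check described above, as an added example that is not this product's own detection code: it reads the JSON returned by `aws logs describe-log-groups`, lists groups with no retention set, and renders the `put-retention-policy` call for each. The name pattern used to hold back CloudTrail and VPC Flow Logs groups, the 90-day default, and the sample data are assumptions made for illustration.

```python
import json
import re
import shlex

# Retention values (days) accepted by the CloudWatch Logs PutRetentionPolicy API.
VALID_RETENTION_DAYS = {1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                        731, 1096, 1827, 2192, 2557, 2922, 3288, 3653}

# Assumption: compliance-critical groups are recognisable by name; adapt to your naming.
EXEMPT_NAME = re.compile(r"cloudtrail|flow-?logs?", re.IGNORECASE)

# Constructed sample shaped like `aws logs describe-log-groups --output json`.
SAMPLE = json.loads("""
{"logGroups": [
  {"logGroupName": "/aws/lambda/checkout", "storedBytes": 52428800},
  {"logGroupName": "/aws/lambda/orders", "retentionInDays": 30, "storedBytes": 1048576},
  {"logGroupName": "aws-cloudtrail-logs-example", "storedBytes": 9663676416},
  {"logGroupName": "/vpc/flow-logs/prod", "storedBytes": 2147483648},
  {"logGroupName": "/app/batch#1", "storedBytes": 0}
]}
""")

def plan_retention(describe_output, days=90):
    """Split never-expiring log groups into (to_fix, needs_review)."""
    if days not in VALID_RETENTION_DAYS:
        raise ValueError(f"{days} is not a retention value the API accepts")
    to_fix, needs_review = [], []
    for group in describe_output.get("logGroups", []):
        if "retentionInDays" in group:  # key is absent when the group never expires
            continue
        name = group["logGroupName"]
        # Possible audit logs are never changed automatically, only reported.
        (needs_review if EXEMPT_NAME.search(name) else to_fix).append(name)
    return to_fix, needs_review

def cli_commands(names, days=90):
    """Render one put-retention-policy call per group, shell-quoted."""
    return [f"aws logs put-retention-policy --log-group-name {shlex.quote(n)} "
            f"--retention-in-days {days}" for n in names]

if __name__ == "__main__":
    fix, review = plan_retention(SAMPLE)
    print("\n".join(cli_commands(fix)))
    for name in review:
        print(f"# review manually (possible compliance retention): {name}")
```

Groups that match the exemption pattern are only reported, so a retention change on audit logs stays a deliberate decision against the applicable compliance requirement.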

Custom Metrics

CloudWatch custom metrics can become a significant cost driver, especially when cardinality explosion occurs from high-cardinality dimensions.

Implementation Effort: Medium - Estimated time: 2-8 hours. Requires application code changes to reduce metric cardinality.

What We Detect

  • High-cardinality namespaces -- Custom metric namespaces with excessive unique metric combinations
  • Risky dimensions -- Namespaces using dimension patterns that commonly lead to cardinality explosion
  • Cost estimation -- Monthly cost impact based on your metric count

Why It Matters

CloudWatch charges per unique metric. A single application emitting metrics with per-user or per-request dimensions can generate thousands of unique metrics, costing hundreds or thousands of dollars monthly.

Recommendations

  1. Avoid high-cardinality dimensions (user IDs, request IDs, IP addresses)
  2. Use Embedded Metric Format (EMF) to aggregate before publishing
  3. Review unused namespaces -- custom metrics expire after 15 months of no new data
