Use Case for AWS CloudWatch Unused Log Stream

Quick Links

Configure AWS CloudWatch Unused Log Stream
Use Case for AWS CloudWatch Unused Log Stream
Triage Guides by Violation Type
1. Triage AWS CloudWatch Unused Log Stream LOG_STREAM_UNUSED_FOR_TOO_LONG

AWS CloudWatch Unused Log Stream

Why Use This Policy?

This policy helps identify CloudWatch log streams that have not ingested any logs for a configurable number of days. Deleting unused log streams can reduce unnecessary storage costs, leading to cost savings and better resource management.

Pros:

Reduces storage costs associated with unused log streams.
Helps maintain a clean and organized logging environment.
Configurable threshold for log stream age.

Cons:

Potential risk of deleting log streams that might be required for future auditing or debugging purposes.

How It Works:

The policy function fetches the last ingestion time of log streams within a specified log group. It then evaluates whether each log stream has exceeded the predefined threshold for maximum allowed days without logs. If the log stream exceeds the threshold, it is flagged for further action.

Variables:

cloudwatch_log_stream_age_max_days: The maximum number of days a log stream is allowed without any log event being written to it. Default is 90 days.

Violation Type IDs:

LOG_STREAM_UNUSED_FOR_TOO_LONG: Indicates that the log stream has exceeded the maximum allowed days without logs.

Policy Observance Structure:

lastIngestionTime: The timestamp of the last log ingestion in milliseconds or null if no logs have ever been ingested.

Use Case for AWS CloudWatch Unused Log Stream

Quick Links​

AWS CloudWatch Unused Log Stream

Why Use This Policy?​

Pros:​

Cons:​

How It Works:​

Variables:​

Violation Type IDs:​

Policy Observance Structure:​