CloudWatch Log Retention
CostLens detects CloudWatch Log Groups without a retention policy and recommends setting 30-day retention.
By default, CloudWatch Log Groups have no retention policy: logs accumulate indefinitely and you pay for all stored data forever. Setting a 30-day retention prevents unbounded log growth. This is a low-risk, high-value fix.
Old logs will eventually be permanently deleted
Once retention is set to 30 days, AWS will gradually purge all log events older than 30 days. CostLens does not create any automatic export or backup. If you need to preserve older logs, export them to S3 before applying this fix. Recovery after purge is not possible.
How to export logs to S3 before applying
- Open CloudWatch → Logs → Log groups in the AWS Console.
- Select the log group, then Actions → Export data to Amazon S3.
- Choose a date range and destination S3 bucket, then click Export.
- Wait for the export task to complete (visible under Actions → View export tasks).
- Once confirmed, return to CostLens and apply the retention fix.
How it works
CostLens pages through all Log Groups
Uses logs:DescribeLogGroups to list all CloudWatch Log Groups.
Flags groups with no retention policy
Groups where retentionInDays is not set are flagged.
Minimum size filter
Only groups with at least 100 MB of stored data are surfaced — very small groups are skipped as the savings are negligible.
Applies 30-day retention
When you click Apply Fix and confirm, CostLens calls logs:PutRetentionPolicy with a 30-day retention on each flagged group.
Compliance considerations
Check your compliance requirements before applying
- PCI DSS requires 12 months of log retention (1 year online + 1 year archive).
- HIPAA requires 6 years of audit log retention.
- SOC 2 typically requires 1 year of log retention.
- ISO 27001 recommends 1–3 years depending on the log type.
If your logs fall under any of these frameworks, set a longer retention (or archive to S3 using a log subscription) instead of applying the 30-day default. Dismiss the recommendation for regulated log groups and handle retention manually.
Valid retention periods
AWS supports these values (in days): 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653.
CostLens sets 30 days. You can change the retention to any supported value in the AWS Console after the fix is applied.
Severity levels
Severity for this check is based on stored data size:
| Severity | Stored data |
|---|---|
| high | ≥ 10 GB — significant accumulated logs with no expiry |
| medium | 1–10 GB |
| low | 100 MB – 1 GB — minor cleanup opportunity |
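The detection steps under "How it works", the severity tiers and the supported retention values can be combined into a small planner that also keeps regulated groups off the 30-day default. This is an added example, not CostLens code: the function names, the prefix-to-minimum-days map, the sample log groups and the binary units (1 GB = 1024³ bytes) are assumptions; `logGroupName`, `storedBytes` and `retentionInDays` are the fields returned by DescribeLogGroups.

```python
# Added example (not CostLens code): plan retention over DescribeLogGroups-shaped data.
import bisect

# Supported retentionInDays values, as listed on this page.
SUPPORTED_DAYS = [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                  731, 1096, 1827, 2192, 2557, 2922, 3288, 3653]
MB, GB = 1024 ** 2, 1024 ** 3      # assumption: binary units
MIN_BYTES = 100 * MB               # minimum size filter

def severity(stored_bytes):
    """Severity tiers from the table: high >= 10 GB, medium 1-10 GB, low below."""
    if stored_bytes >= 10 * GB:
        return "high"
    return "medium" if stored_bytes >= GB else "low"

def round_up_retention(min_days):
    """Smallest supported value >= min_days, so a requirement is never undercut."""
    i = bisect.bisect_left(SUPPORTED_DAYS, min_days)
    if i == len(SUPPORTED_DAYS):
        raise ValueError(f"{min_days} days exceeds the longest supported retention")
    return SUPPORTED_DAYS[i]

def plan(log_groups, min_days_by_prefix=None, default_days=30):
    """Flag groups with no retention policy and >= 100 MB stored; pick a retention."""
    min_days_by_prefix = min_days_by_prefix or {}
    findings = []
    for g in log_groups:
        if "retentionInDays" in g or g.get("storedBytes", 0) < MIN_BYTES:
            continue  # already has a policy, or too small to surface
        name = g["logGroupName"]
        # Hypothetical override: longest minimum among matching regulated prefixes.
        required = max((d for p, d in min_days_by_prefix.items()
                        if name.startswith(p)), default=default_days)
        findings.append({"logGroupName": name,
                         "severity": severity(g["storedBytes"]),
                         "retentionInDays": round_up_retention(required)})
    return findings

# Constructed sample input; names and sizes are illustrative.
SAMPLE = [
    {"logGroupName": "/aws/lambda/checkout", "storedBytes": 12 * GB},
    {"logGroupName": "/audit/cardholder-api", "storedBytes": 3 * GB},
    {"logGroupName": "/audit/ehr-access", "storedBytes": 500 * MB},
    {"logGroupName": "/aws/lambda/tiny", "storedBytes": 5 * MB},
    {"logGroupName": "/app/web", "storedBytes": 40 * GB, "retentionInDays": 90},
]
REGULATED = {"/audit/cardholder": 365, "/audit/ehr": 6 * 365}  # minimum days
```

Each finding carries the two parameters that `logs:PutRetentionPolicy` takes. A 6-year minimum (2190 days) is not a supported value, so it rounds up to 2192 rather than down to 1827.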
Required IAM permissions
Included in the CostlensApplyFix policy from Step 4b in AWS Accounts:
logs:DescribeLogGroups
logs:PutRetentionPolicy
Tip
For log groups that must retain data longer, set the retention in AWS Console directly after CostLens applies the 30-day default — or dismiss the CostLens recommendation and manage retention manually for those groups.