Inactive CloudWatch Log Group

Service Category

Other

Cloud Provider

AWS

Service Name

AWS CloudWatch

Inefficiency Type

Unused Resource

Explanation

CloudWatch log groups often persist long after their usefulness has expired. In some cases, they are associated with applications or resources that are no longer active. In other cases, the systems may still be running, but the log data is no longer being reviewed, analyzed, or used by any team. Regardless of the reason, retaining logs that no one is monitoring or using results in unnecessary storage costs. If log data is not needed for operational visibility, debugging, compliance, or auditing purposes, it should either be deleted or managed with a shorter retention policy.

Relevant Billing Model

CloudWatch Logs are billed on a usage-based model, with charges incurred for:

Log ingestion – Cost per GB of log data sent to CloudWatch
Log storage – Ongoing cost per GB-month for data retained in log groups, regardless of access or usage
Log queries and insights – Additional charges apply when querying or analyzing logs

Detection

Identify log groups with significant stored log volume but no recent ingestion activity
Review historical usage to determine if log data is still being used for operational, security, or compliance purposes
Evaluate whether the log group is associated with an active application or AWS resource
Check whether the log group has a defined retention policy or is defaulting to indefinite storage
Confirm there are no current alerts, dashboards, or queries relying on data within the log group
Validate with relevant stakeholders (e.g., DevOps, security, compliance) whether the log group is still required

Remediation

Apply appropriate retention policies to automatically expire old logs or manually delete inactive log groups that are no longer needed. Where appropriate, implement automated cleanup routines to routinely identify and remove unused log groups.

Relevant Documentation

CloudWatch Pricing

Submit Feedback