Cutting CloudWatch Costs: A Simple ECS Log Optimization Strategy
In this post, I’ll share how I optimized ECS task definitions and reduced CloudWatch log costs by 96% — from $478.15 to just $17.27 per month.
Cloud DevOps Engineer with hands-on experience in AWS and on-premise data centers. Continuously learning and growing my skills in cloud automation.
Before diving into the steps, here’s a quick look at the real CloudWatch cost reduction I achieved after optimizing ECS logging.
Before Optimization
After Optimization
Step-by-Step: Disabling CloudWatch Log Collection in ECS
After identifying that CloudWatch logs were driving up the cost, I looked into where these logs were being generated i.e. ECS Task Definition.
ECS task streams container logs to CloudWatch using the awslogs driver.This is helpful for debugging but quickly becomes expensive in testing, production environments where logs are continuous.
Note: Disabling CloudWatch log collection is recommended only for testing or development environments.
Instead of sending all logs to CloudWatch, you can use a local log driver with rotation.
This approach keeps your logs available for debugging directly on the ECS host while dramatically reducing ingestion and storage costs in CloudWatch.
Step 1: View Current Log Configuration (When Enabled)
In the ECS console, open your cluster’s service and navigate to the Task Definition associated with that service. Under each container definition, you’ll see the log collection (awslogs) option enabled. This configuration pushes all container logs to CloudWatch, which can increase both log ingestion and storage costs.
Step 2: Disable the Log Configuration
To stop unnecessary log streaming, create a new Task Definition revision. In your container definition, open the Log Configuration section, disable the log collection option, then save and deploy the new revision in your ECS service.
After deployment, you’ll notice that the Logs tab in your ECS service now appears empty, this is expected, as log streaming to CloudWatch has been disabled.
Setting Up Local Log Rotation on ECS (EC2 Hosts)
Disabling CloudWatch log collection helps reduce costs, but we still need access to container logs for debugging and monitoring. To handle this efficiently, we can enable local log rotation on the ECS host (the EC2 instance running your containers).
This ensures that container logs are stored locally on the instance and automatically rotated when they reach a certain size, preventing the disk from filling up.
The image below shows the system logs before local log rotation
To verify the logging driver used by a specific container, run the following command:
docker inspect -f '{{.HostConfig.LogConfig.Type}}' <container_id>
Example: docker inspect -f '{{.HostConfig.LogConfig.Type}}' 1e9c943d26d4
Step 1: SSH or directly Session Connect into your ECS EC2 instance
Switch to root:
sudo suGo to Docker config directory:
cd /etc/docker pwd # confirm path
Edit daemon.json:
vi daemon.json
Add log rotation code: adjust the
max-sizeandmax-filevalues based on your disk capacity and log volume requirements:{ "log-driver": "local", "log-opts": { "max-size": "20m", // Maximum size of a single log file (e.g., 20 megabytes) "max-file": "7" // Maximum number of log files to keep } }
Save the file and restart Docker:
sudo systemctl restart docker
Step 2: Verify Log Rotation
After implementing Step 1, verify that log rotation is active for each container:
docker inspect -f '{{.HostConfig.LogConfig.Type}}' <container-id>docker inspect -f '{{.HostConfig.LogConfig.Type}}' <container-id> Example: docker inspect -f '{{.HostConfig.LogConfig.Type}}' 1f9c943d25d9
This confirms that log rotation has been successfully applied and logs are ready for monitoring or debugging.
verify the log path:
sudo ls -lh /var/lib/docker/containers/<container-id>/
# or
sudo ls -lh /var/lib/docker/containers/<container-id>/local-logs/
# OR go to log path
sudo cd /var/lib/docker/containers/<container-id>/local-logs/
sudo cd /var/lib/docker/containers/<container-id>/
If log rotation is configured correctly, you’ll see files like:
container-json.log
container-json.log.1
container-json.log.2
The screenshot below shows an example of checking container logs: docker logs <container-id>
The screenshot below shows how to optimize CloudWatch log costs by configuring log group retention periods.
Conclusion
By shifting non-essential ECS logs from CloudWatch to local Docker rotation, you gain immediate control over your log costs and significantly reduce your AWS bill without losing local troubleshooting capability.
