delete all log streams of a log group using aws cli
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
CloudWatch Logs is an AWS service that lets you monitor, store, and access log files from AWS resources such as EC2 instances, Lambda functions, and CloudTrail. Log groups serve as containers for log streams, which in turn contain individual log events. When you need to clean up logging data, whether to reduce costs, reset a test environment, or remove stale streams, you may want to delete all log streams within a specific log group. This article shows how to accomplish this efficiently using the AWS Command Line Interface.
Prerequisites
Before running the commands, make sure the following are in place:
- AWS CLI installed: You need version 2 of the AWS CLI. Install it via the official guide.
- IAM permissions: The IAM identity running the commands needs
logs:DescribeLogStreamsto list log streams andlogs:DeleteLogStreamto delete them. - CLI configured: Run
aws configureto set your access key, secret key, default region, and output format.
Step 1: List Log Streams in a Log Group
Before deleting anything, verify which log streams exist. Use the describe-log-streams command to list them.
The --query flag uses JMESPath to extract just the stream names. The --output text flag returns them as tab-separated values, which is easier to process in a script than JSON.
Step 2: Delete a Single Log Stream
The delete-log-stream command removes one stream at a time.
This is useful for targeted cleanup, but for bulk deletion you need to automate the process.
Step 3: Delete All Log Streams with a Bash Script
The following script retrieves all log stream names from a log group and deletes them one by one.
Save this as delete_log_streams.sh, make it executable with chmod +x delete_log_streams.sh, and run it. The script first checks if there are any streams to delete, then iterates through each one.
Handling Pagination for Large Log Groups
The describe-log-streams command returns a maximum of 50 streams per call by default. If your log group has more than 50 streams, you need to handle pagination.
This version uses jq to parse the JSON response and extract the nextToken for pagination. It continues fetching and deleting until there are no more pages.
Parallel Deletion with xargs
For log groups with hundreds or thousands of streams, deleting one at a time can be slow. You can speed things up using xargs with parallel execution.
The -P 10 flag runs up to 10 delete operations in parallel. Adjust this number based on your API rate limits.
Alternative: Delete the Entire Log Group
If you want to remove all streams and do not need to keep the log group itself, deleting the entire log group is simpler and faster.
This removes the log group and all of its streams in a single API call. Be aware that you will need to recreate the log group if your service writes to it again (though many AWS services auto-create log groups).
Common Pitfalls
- Irreversibility: Deleting log streams permanently removes the data. Export logs to S3 first if you need a backup. Use
aws logs create-export-taskfor this. - API rate limits: AWS throttles CloudWatch Logs API calls. If you delete many streams rapidly, you may receive
ThrottlingExceptionerrors. Add a short delay between calls or use exponential backoff. - Special characters in stream names: Lambda log stream names contain characters like
[$LATEST]and forward slashes. Always quote the stream name variable in your script to prevent shell expansion. - Wrong region: If you do not see the expected log streams, verify your CLI is configured for the correct region with
aws configure get region. - Pagination oversight: Forgetting to handle pagination means you only delete the first page of results (up to 50 streams), leaving the rest intact.
Summary
Deleting all log streams from a CloudWatch log group requires listing the streams with describe-log-streams and then calling delete-log-stream for each one. For large log groups, handle pagination and consider parallel deletion with xargs. If you do not need to preserve the log group itself, delete-log-group is the simplest option. Always export important logs to S3 before deletion and be mindful of API rate limits when performing bulk operations.

