Writing CloudWatch log resource policy failed: LimitExceededException: Resource limit exceeded

Question

I'm trying to create elasticsearch cluster using terraform, But i'm getting this error

11:58:07 * aws_cloudwatch_log_resource_policy.elasticsearch-log-publishing-policy: Writing CloudWatch log resource policy failed: LimitExceededException: Resource limit exceeded.
11:58:07 * aws_elasticsearch_domain.es2: 1 error(s) occurred:

I initially thought that this resource limit error is unable to create log groups. But when i raised a Ticket with AWS team , they said there is "no throttling on CreateLogGroup API for this account in IAD"

ElasticSearch has about 10 clusters running. I'm not sure which resource limit has exceeded.

Can someone pls explain me the above error.

Update:

data "aws_iam_policy_document" "elasticsearch-log-publishing-policy" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:PutLogEventsBatch",
    ]

    resources = ["arn:aws:logs:*"]

    principals {
      identifiers = ["es.amazonaws.com"]
      type        = "Service"
    }
  }
}

resource "aws_cloudwatch_log_resource_policy" "elasticsearch-log-publishing-policy" {
  policy_document = "${data.aws_iam_policy_document.elasticsearch-log-publishing-policy.json}"
  policy_name     = "elasticsearch-log-publishing-policy"
}

I tried to apply this using terraform target, i think the error is here, does AWS have a limit on number of custom policies we create, I could not find an option to request an increase.

Marcin · Accepted Answer

does AWS have a limit on number of custom policies we create, I could not find an option to request an increase.

Yes, the limit can't be change and it is:

Up to 10 CloudWatch Logs resource policies per Region per account. This quota can't be changed.

Writing CloudWatch log resource policy failed: LimitExceededException: Resource limit exceeded

Answers (2)

Related Questions