CREATE_FAILED due to CloudWatch Logs Resource Policy size was exceeded.

[caleb-atkins8]

Hello, we are looking to deploy this solution in us-east-1 with Aurora RAG engine and Bedrock model access enabled. We keep receiving this error and are not sure how to resolve. Any insight would be greatly appreciated.

3:17:48 PM | CREATE_FAILED | AWS::StepFunctions::StateMachine | RagEngines/AuroraP...ateAuroraWorkspace Resource handler returned message: "Invalid Logging Configuration: The CloudWatch Logs Resource Policy size was exceeded. We suggest prefixing your CloudWatch log group name with /aws/vendedlogs/states/. (Service: AWSStepFun ctions; Status Code: 400; Error Code: InvalidLoggingConfiguration; Request ID: b43a3eb9-3137-48b8-a767-9544147899a5; Proxy: null)" (RequestToken: 28b6839a-71f7-d451-590c-f1f346f6e232, HandlerErrorCode: InvalidRequest)

[Rob-Powell]

can you share your bin/config.json file?

[azaylamba]

This error usually is thrown when you have either "more than 10 CloudWatch Logs resource policies per Region per account" or the resource policy size is more than 5120 characters. You can refer following links: https://docs.aws.amazon.com/step-functions/latest/dg/bp-cwl.html https://stackoverflow.com/a/65623331

You can get the content of resource policy using the command aws logs describe-resource-policies.

Try deleting some of the resource policies or try deploying in a new account if you don't want to change the log group name as suggested in the exception thrown.

[github-actions[bot]]

This issue is stale because it has been open for 60 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 30 days since being marked as stale.