{
  "id": "aws/cloudwatch-logs-resource-policy-limit",
  "signature": "An error occurred (LimitExceededException) when calling the PutResourcePolicy operation: Resource policy limit reached for log group",
  "signature_zh": "调用PutResourcePolicy操作时发生错误（LimitExceededException）：日志组的资源策略已达上限",
  "regex": "LimitExceededException.*Resource policy limit reached for log group",
  "domain": "aws",
  "category": "resource_error",
  "subcategory": null,
  "root_cause": "CloudWatch Logs resource policy size exceeds the 5120 character limit per account per region.",
  "root_cause_type": "generic",
  "root_cause_zh": "CloudWatch Logs资源策略大小超过每个账户每个区域5120字符的限制。",
  "versions": [
    {
      "version": "cloudwatch-logs-2024",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "aws-cli-2.16.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "删除日志组不会影响账户级别的资源策略限制。",
      "fail_rate": 1.0,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "更改保留期与资源策略配额无关。",
      "fail_rate": 1.0,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "List existing resource policies and remove unnecessary ones: aws logs describe-resource-policies. Then delete unused policies: aws logs delete-resource-policy --policy-name oldpolicy. Ensure total policy characters across all policies ≤ 5120.",
      "success_rate": 0.9,
      "how": "List existing resource policies and remove unnecessary ones: aws logs describe-resource-policies. Then delete unused policies: aws logs delete-resource-policy --policy-name oldpolicy. Ensure total policy characters across all policies ≤ 5120.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Consolidate multiple resource policies into one by combining statements in a single policy document. Example: create a new policy with multiple statements using PutResourcePolicy.",
      "success_rate": 0.85,
      "how": "Consolidate multiple resource policies into one by combining statements in a single policy document. Example: create a new policy with multiple statements using PutResourcePolicy.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "List existing resource policies and remove unnecessary ones: aws logs describe-resource-policies. Then delete unused policies: aws logs delete-resource-policy --policy-name oldpolicy. Ensure total policy characters across all policies ≤ 5120.",
    "Consolidate multiple resource policies into one by combining statements in a single policy document. Example: create a new policy with multiple statements using PutResourcePolicy."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html",
  "official_doc_section": null,
  "error_code": "LimitExceededException",
  "verification_tier": "ai_generated",
  "confidence": 0.84,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2024-03-01",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}