LimitExceededException
aws
resource_error
ai_generated
true
An error occurred (LimitExceededException) when calling the PutResourcePolicy operation: Resource policy limit reached for log group
ID: aws/cloudwatch-logs-resource-policy-limit
Fix rate: 85%
Confidence: 84%
Evidence count: 1
First seen: 2024-03-01
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| cloudwatch-logs-2024 | active | — | — | — |
| aws-cli-2.16.0 | active | — | — | — |
Root cause analysis
CloudWatch Logs resource policy size exceeds the 5120 character limit per account per region.
Official documentation
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html
Solutions
- List existing resource policies and remove unnecessary ones: aws logs describe-resource-policies. Then delete unused policies: aws logs delete-resource-policy --policy-name oldpolicy. Ensure total policy characters across all policies ≤ 5120.
- Consolidate multiple resource policies into one by combining statements in a single policy document. Example: create a new policy with multiple statements using PutResourcePolicy.
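An added example (not from the original page or from AWS) of the consolidation step: it takes the JSON printed by aws logs describe-resource-policies, merges every statement into one document, drops exact duplicates, keeps Sids unique, and checks the result against the 5120 character limit stated above. The function name, the sample policies, the account ID and the log group path are constructed for illustration.

```python
import json
POLICY_CHAR_LIMIT = 5120  # limit stated on this page

def consolidate(describe_output, limit=POLICY_CHAR_LIMIT):
    """Merge all statements from describe-resource-policies JSON output
    into one policy document and return it as a compact JSON string."""
    merged, seen, sids = [], set(), set()
    for policy in describe_output["resourcePolicies"]:
        doc = json.loads(policy["policyDocument"])  # stored as a JSON string
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):  # single statement given as an object
            statements = [statements]
        for stmt in statements:
            # Compare statements without their Sid so exact duplicates collapse.
            body = {k: v for k, v in stmt.items() if k != "Sid"}
            key = json.dumps(body, sort_keys=True)
            if key in seen:
                continue
            seen.add(key)
            # Keep Sids unique inside the single merged document.
            base = sid = stmt.get("Sid") or "Stmt"
            n = 1
            while sid in sids:
                n += 1
                sid = f"{base}{n}"
            sids.add(sid)
            merged.append({"Sid": sid, **body})
    document = json.dumps({"Version": "2012-10-17", "Statement": merged},
                          separators=(",", ":"))
    if len(document) > limit:
        raise ValueError(f"merged policy is {len(document)} chars, limit is {limit}")
    return document

def _sample_policy(name, sid, service):
    # Constructed sample data: account ID, log group and services are placeholders.
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": service},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/example/*"}
    doc = {"Version": "2012-10-17", "Statement": [stmt]}
    return {"policyName": name, "policyDocument": json.dumps(doc)}

SAMPLE = {"resourcePolicies": [
    _sample_policy("oldpolicy", "Allow", "route53.amazonaws.com"),
    _sample_policy("es-policy", "Allow", "es.amazonaws.com"),
    _sample_policy("dup-policy", "Dup", "route53.amazonaws.com"),  # same body as first
]}

if __name__ == "__main__":
    print(consolidate(SAMPLE))
```

Each statement is copied verbatim, so principals and conditions are no broader after the merge than before it; review the output before passing it to aws logs put-resource-policy --policy-document and deleting the old policies.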
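Ineffective attempts
Common but ineffective approaches:
- 100% failure: Deleting log groups does not affect the account-level resource policy limit.
- 100% failure: Changing the retention period is unrelated to the resource policy quota.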