@aws-cdk/aws-logs: Resource handler returned message: "Invalid request provided: AWS::Logs::ResourcePolicy"
See original GitHub issueWhat is the problem?
I am trying to create a custom log group for my CodeBuild project as follows (sample code):
// Create Log Group
const myLogGroup = new log.LogGroup(this, 'my-log-group-label', {
logGroupName : 'my-log-group-name',
removalPolicy : cdk.RemovalPolicy.RETAIN,
retention : log.RetentionDays.ONE_WEEK,
});
// Create CodeBuild Project
this.project = new codebuild.PipelineProject(this, 'my-build-project-label', {
projectName : 'my-build-project-name',
role : myRole,
buildSpec : myBuildSpec,
environmentVariables : myBuildEnv,
environment : {
buildImage : codebuild.LinuxBuildImage.STANDARD_5_0,
privileged : true,
},
logging : {
cloudWatch : {
logGroup : myLogGroup,
}
},
timeout : cdk.Duration.minutes(30),
concurrentBuildLimit : 2,
});
…which produces the following cdk diff
output:
Resources
[+] AWS::Logs::LogGroup my-build-project-label/my-log-group-label mybuildprojectlabelnmyloggrouplabelC60E4D49
[+] AWS::Logs::ResourcePolicy my-build-project-label/my-log-group-label/Policy/ResourcePolicy mybuildprojectlabelnmyloggrouplabelPolicyResourcePolicyBF9984F2
[~] AWS::CodeBuild::Project my-build-project-label/nginx-base-codebuild mybuildprojectlabelnginxbasecodebuild03689A42
└─ [+] LogsConfig
└─ {"CloudWatchLogs":{"GroupName":{"Ref":"mybuildprojectlabelnmyloggrouplabelC60E4D49"},"Status":"ENABLED"}}
Reproduction Steps
Create Log Group using the code above and associate it with a CodeBuild Project with:
logging : {
cloudWatch : {
logGroup : myLogGroup,
}
},
What did you expect to happen?
I expect that Log Group would be created with the parameters I specified.
What actually happened?
When I run cdk deploy my-pipeline --role-arn some-role-arn
I am getting:
9:54:58 AM | CREATE_FAILED | AWS::Logs::ResourcePolicy | nginx...urcePolicyBF9984F2
Resource handler returned message: "Invalid request provided: AWS::Logs::ResourcePolicy" (RequestToken: 4d4d5fe5-844a-cc6a-7e8
5-28dcb059b695, HandlerErrorCode: InvalidRequest)
new ResourcePolicy (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-logs/lib/policy.ts:25:5)
\_ LogGroup.addToResourcePolicy (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-logs/lib/log-group.tlowing resource(s) failed to create: [nginxbasepipelinecodebuildnginxbasepipelineloggroupPoli
s:121:21)
\_ Function.addToPrincipalOrResource (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-iam/lib/grant.t
s:76:45)
\_ LogGroup.grant (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-logs/lib/log-group.ts:103:22)
\_ LogGroup.grantWrite (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-logs/lib/log-group.ts:98:17)
\_ PipelineProject.renderLoggingConfiguration (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-codebu
ild/lib/project.ts:1022:32)
\_ new Project (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-codebuild/lib/project.ts:718:24)
\_ new PipelineProject (/Users/myuser/Development/nginx-base/node_modules/@aws-cdk/aws-codebuild/lib/pipeline-projec
t.ts:12:5)
\_ new NginxBaseCodeBuildProject (/Users/myuser/Development/nginx-base/lib/nginx-base-codepipeline.ts:244:20)
\_ new NginxBaseCodePipelineStack (/Users/myuser/Development/nginx-base/lib/nginx-base-codepipeline.ts:112:31)
\_ Object.<anonymous> (/Users/myuser/Development/nginx-base/bin/nginx-base.ts:35:1)
\_ Module._compile (internal/modules/cjs/loader.js:1068:30)
\_ Module.m._compile (/Users/myuser/Development/nginx-base/node_modules/ts-node/src/index.ts:1371:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
\_ Object.require.extensions.<computed> [as .ts] (/Users/myuser/Development/nginx-base/node_modules/ts-node/src/inde
x.ts:1374:12)
\_ Module.load (internal/modules/cjs/loader.js:933:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:774:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ main (/Users/myuser/Development/nginx-base/node_modules/ts-node/src/bin.ts:331:12)
\_ Object.<anonymous> (/Users/myuser/Development/nginx-base/node_modules/ts-node/src/bin.ts:482:3)
\_ Module._compile (internal/modules/cjs/loader.js:1068:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
\_ Module.load (internal/modules/cjs/loader.js:933:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:774:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ internal/main/run_main_module.js:17:47
❌ my-pipeline failed: Error: The stack named my-pipeline failed to deploy: UPDATE_ROLLBACK_COMPLETE
at Object.waitForStackDeploy (/usr/local/lib/node_modules/aws-cdk/lib/api/util/cloudformation.ts:309:11)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at prepareAndExecuteChangeSet (/usr/local/lib/node_modules/aws-cdk/lib/api/deploy-stack.ts:351:26)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:194:24)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:267:9)
The stack named my-pipeline failed to deploy: UPDATE_ROLLBACK_COMPLETE
CDK CLI Version
1.133.0 (build 2dea31a)
Framework Version
No response
Node.js Version
v14.17.0
OS
MacOS Monterey 12.0.1
Language
Typescript
Language Version
TypeScript 4.5.2
Other information
No response
Issue Analytics
- State:
- Created 2 years ago
- Reactions:10
- Comments:8 (1 by maintainers)
Top Results From Across the Web
Resource handler returned message: "Invalid request provided
I'm creating a CloudFormation stack for ECS automation and I'm using an internal NLB. I'm having a problem with the ListenerRule that returns...
Read more >How to troubleshoot Cloudformation "Invalid request provided
My Cloudformation Template is running into this Error when trying to create a ListenerRule.: >Resource handler returned message: "Invalid request provided: ...
Read more >Handler error codes - CloudFormation Command Line Interface
One of the following error codes MUST be returned from the handler ... The credentials provided by the user are invalid. Type: Terminal....
Read more >AWS CloudFormation returning "Invalid request" when trying ...
Beyond TTL and DependsOn, the main idea is to make sure that the system does not attempt to create the recordset using references...
Read more >You're getting "Invalid request provided: AWS::CloudFront
Resource handler returned message : “Invalid request provided: AWS::CloudFront::PublicKey”. Like me, you might be working on a Serverless.com ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I’m seeing this as well when creating an ecs LogGroup and trying to deploy it.
Upgraded to v1.139.0, the same issue.