aws-ecs: LogDriver automatically creates log-resource-policies, exhausting unmodifiable resource limit

[trks1970]

Describe the bug

We are running 12 Fargate containers, each of them logging to CloudWatch via LogDriver, creare with cdk.

However, the last 2 fails to deploy, due to
"Resource limit exceeded. (Service: CloudWatchLogs, Status Code: 400,

which I understand is fixed at 10 and that is it. No way to change.

However, it looks like log-resource-policy is created automaticall by LogDriver, which uses up the amount.

Expected Behavior

It is not possible a) not to create a policy or b) reuse a policy

Current Behavior

A log-resource-policy is created with each LogDriver.awsLogs call.

Reproduction Steps

Deploy 10 Containers with LogDriver

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.40.0 (build 56ba2ab)

Framework Version

aws-cdk-lib:2.27.0

Node.js Version

16.15.1

OS

Win10

Language

Java

Language Version

Kotlin

Other information

No response

[pahud]

@trks1970 This makes sense to me. Before we dive deep into the fix, can you provide reproduction steps with CDK code that can help us quickly reproduce this issue from our end?

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[trks1970]

Will take some time to provide an example.