Aws Cloudwatch log and lambda permissions

I’m upgrading to v13 and I’m having this issue, so this is the code I was running on v12

"data “aws_lambda_function” “logdna” {
function_name = “logdna_${var.environment}_cloudwatch”
}

resource “aws_cloudwatch_log_group” “default” {
name = “/ecs/${var.service_id}”
retention_in_days = “14”
}

resource “aws_cloudwatch_log_subscription_filter” “default” {
name = “${var.service_id}_logfilter”
log_group_name = aws_cloudwatch_log_group.default.name
filter_pattern = “”
destination_arn = data.aws_lambda_function.logdna.arn
}

resource “aws_lambda_permission” “default” {
statement_id = “AllowExecutionFrom-service”
action = “lambda:InvokeFunction”
function_name = “logdna_${var.environment}_cloudwatch”
principal = “logs.ca-central-1.amazonaws.com
source_arn = aws_cloudwatch_log_group.default.arn
}"

now on v13 I get this errror

“Error: Error creating Cloudwatch log subscription filter: InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.”

I tried setting up the principal to “logs.amazonaws.com” but I got the same

any idea what could be wrong?

Thanks in advance