Fail to create Cloudwatch log stream with Terraform AWS provider v5.53.0 or any newer versions

liuzhiping · July 30, 2024, 9:34pm

Hello,

I have a terraform configuration script which is using for provision an AWS ECS cluster to deploy an OpenSearch cluster and it is working for using terraform AWS provider v5.52.0 or older version. However, the same terraform configuration script failed to start the ECS task for the provision of the OpenSearch cluster in an AWS ECS cluster with terraform AWS provider v5.23.0 or newer version. These two provisions are different only using different terraform AWS provider. Success one is using the terraform AWS provider v5.52.0 or older versions and failed one is using the terraform AWS provider v5.53.0 or new versions. What might be a cause and what approaches can be used to solve this issue?

Here is an error in the ECS task:

“Exit code: - CannotStartContainerError: Error response from daemon: failed to create task for container: failed to initialize logging driver: failed to create Cloudwatch log stream: operation error CloudWatch Logs: CreateLogStream, exceeded maximum number of attempts,View troubleshooting guide”.

I’ve made tests on the Terraform AWS Provider from v5.53.0 until v5.60.0 and all got the above same issue for creating aws cloudwatch stream. However, the older than version v5.20.0 are working fine.

Any idea or suggestion would be great appreciated!

Thank you,

Kind Regards,
Tome

acwwat · August 3, 2024, 4:33am

Could you please clarify whether it’s correct that v5.52.0 or older is working, but v5.53.0 is not? You have a few versions like v5.23.0 and v5.20.0 mentioned in the description, so it’s a bit confusing.

In any case, I looked the the release notes for v5.53.0 and even did a diff between the v5.53.0 and v5.52.0 source code, but didn’t see any suspicious changes for the ECS resources.

The only thing I would suggest for now is to try to see if there is more information on the CreateLogStream error in CloudTrail (assuming there’s nothing else in CloudWatch). Typically similar errors are related to insufficient IAM permissions, but in your case it could be something else.

liuzhiping · August 5, 2024, 2:38pm

Yes, the same terraform configuration script is working on v5.52.0 or older version of AWS terraform provider, but it failed on v5.53.0 up to latest version. In another word, any version older than v5.52.0 (included v5.52.0) is working fine. I’ll take a look at CloudTrail to see if there any errors there and will let you know.
Thanks a lot for helps!

system · February 1, 2025, 2:38pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AWS Route53 Resolver Query Log Config - Terraform - error [RSLVR-00200] Terraform Providers tf-aws-provider-release	1	1630	March 11, 2022
Error creating CloudTrail with terraform AWS	0	2306	September 8, 2020
Does anyone used sumologic_cloudwatch_source to gather AWS cloudwatch log group/log streams? Terraform Providers	0	222	January 13, 2023
Terraform import aws_cloudwatch_log_group.test is looping and not able to complete AWS	0	708	March 4, 2022
Fail to create ecs service to terraform 1.5 with aws provider 5.9.0 AWS	3	782	September 2, 2023

Fail to create Cloudwatch log stream with Terraform AWS provider v5.53.0 or any newer versions

Related topics