Enabling CloudWatch slow logs and engine logs for ElastiCache Redis cluster

0

Hello,
I'm trying to create log streams for slow logs and engine logs for ElastiCache Redis.
Redis returns this error: "Failed to grant access to log group <logGroup>. Check the length of the resource policy document". I have tried to add a resource policy in order to enable CloudWatch Logs access, but it doesn't work. Do you have any idea? Thanks a lot for your support.

1 Answer
0

Hello there,

One of the problems for this error could be that your resource policies are violating the CloudWatch Logs resource policy size restrictions.

Please note that CloudWatch Logs resource policies are limited to 5120 characters as stated in the documentation, see reference [1].

To avoid reaching the CloudWatch Logs resource policy size limit, prefix your CloudWatch Logs log group names with /aws/vendedlogs/.

Also please take note that Redis Slow Log is supported for Redis cache clusters and replication groups using engine version 6.0 onward whilst Redis Engine Log is supported for Redis cache clusters and replication groups using engine version 6.2 onward, see reference [2].

It is also important to note that you must set the apply-immediately parameter for all log delivery modifications.

Make sure that you include the following IAM permissions in your IAM user/role policy (also see reference [3]):

  • logs:CreateLogDelivery
  • logs:UpdateLogDelivery
  • logs:DeleteLogDelivery
  • logs:GetLogDelivery
  • logs:ListLogDeliveries

References:

[1] https://docs.aws.amazon.com/step-functions/latest/dg/bp-cwl.html

[2] https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Log_Delivery.html

[3] https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Logging-destinations.html

answered 2 years ago
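
The checks described in the answer above, as an added Python example that is not part of the original post: it measures each CloudWatch Logs resource policy against the 5120-character limit, moves log group names under `/aws/vendedlogs/`, and builds the log delivery configuration only for the log types the engine version supports. The function names, the sample log group names and the reading of a non-numeric version part such as `x` as 0 are assumptions made for illustration.

```python
POLICY_LIMIT = 5120  # characters, the limit quoted in the answer
VENDED_PREFIX = "/aws/vendedlogs/"
MIN_ENGINE = {"slow-log": (6, 0), "engine-log": (6, 2)}  # versions from the answer

def policy_headroom(resource_policies):
    """Map policy name -> characters left before the limit (negative = over)."""
    return {p["policyName"]: POLICY_LIMIT - len(p["policyDocument"])
            for p in resource_policies}

def vended_name(log_group):
    """Return the log group name under the /aws/vendedlogs/ prefix."""
    if log_group.startswith(VENDED_PREFIX):
        return log_group
    return VENDED_PREFIX + log_group.lstrip("/")

def _version(engine_version):
    # "6.2.6" -> (6, 2); a non-numeric part such as "x" is read as 0 (assumption)
    parts = [int(p) if p.isdigit() else 0 for p in engine_version.split(".")[:2]]
    return tuple(parts + [0] * (2 - len(parts)))

def log_delivery_configs(engine_version, log_groups):
    """Build LogDeliveryConfigurations for the log types this engine supports."""
    configs = []
    for log_type, minimum in MIN_ENGINE.items():
        if log_type in log_groups and _version(engine_version) >= minimum:
            configs.append({
                "LogType": log_type,
                "DestinationType": "cloudwatch-logs",
                "DestinationDetails": {"CloudWatchLogsDetails": {
                    "LogGroup": vended_name(log_groups[log_type])}},
                "LogFormat": "json",
                "Enabled": True,
            })
    return configs

def apply(replication_group_id, configs):
    """Send the change; needs boto3, credentials and the IAM actions listed above."""
    import boto3  # imported here so the helpers above run offline
    return boto3.client("elasticache").modify_replication_group(
        ReplicationGroupId=replication_group_id,
        ApplyImmediately=True,  # required for log delivery modifications
        LogDeliveryConfigurations=configs)

if __name__ == "__main__":
    # Constructed input in the shape of describe_resource_policies output
    sample = [{"policyName": "constructed-policy", "policyDocument": "x" * 5000}]
    print(policy_headroom(sample))
    print(log_delivery_configs("6.0.5", {"slow-log": "redis/slow", "engine-log": "redis/engine"}))
```

In a real account, `policy_headroom` takes the `resourcePolicies` list returned by the CloudWatch Logs `describe_resource_policies` call.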
