[receiver/awscloudwatch] Cross-account autodiscovery fails to read logs — FilterLogEvents uses LogGroupName instead of LogGroupIdentifier (ARN) #46159

@maamirs

Component(s)

receiver/awscloudwatch

What happened?

When using the awscloudwatch receiver with include_linked_accounts: true and account_identifiers for cross-account log collection via AWS OAM (Observability Access Manager), the receiver successfully discovers log groups from linked accounts but fails to read log events from them.

The discoverGroups() function correctly calls DescribeLogGroups with IncludeLinkedAccounts and AccountIdentifiers, which returns log groups from linked source accounts. However, it stores only the log group name (*lg.LogGroupName), and the subsequent FilterLogEvents call uses the LogGroupName field.

For cross-account log groups, AWS requires using the LogGroupIdentifier field with the full ARN (e.g., arn:aws:logs:eu-west-2:123456789:log-group:/aws/lambda/my-function). Using just the name causes FilterLogEvents to search only in the monitoring account's own log groups, resulting in ResourceNotFoundException.

Steps to reproduce

1. Set up AWS OAM: create a sink in the monitoring account and a link in the source account
2. Configure the receiver with cross-account autodiscovery:

awscloudwatch:
  region: eu-west-2
  logs:
    poll_interval: 1m
    groups:
      autodiscover:
        limit: 100
        prefix: /aws/lambda/
        account_identifiers: ["123456789"]
        include_linked_accounts: true

3. The receiver discovers log groups from the linked account but every FilterLogEvents call fails with ResourceNotFoundException

Expected Result

The receiver should read log events from cross-account log groups discovered via OAM.

Actual Result

error awscloudwatchreceiver logs.go:208 there was an error during the poll
  "error": "log group /aws/lambda/function-name no longer exists: 
  operation error CloudWatch Logs: FilterLogEvents, StatusCode: 400, 
  ResourceNotFoundException: The specified log group does not exist."

The log group does exist in the linked source account. Verified with the AWS CLI successfully:

# Discovery works (returns the log group from linked account):
aws logs describe-log-groups \
  --log-group-name-prefix "/aws/lambda/functionname" \
  --include-linked-accounts \
  --account-identifiers "123456789" \
  --region eu-west-2

# FilterLogEvents with name FAILS (looks in monitoring account only):
aws logs filter-log-events \
  --log-group-name "/aws/lambda/functionname" \
  --limit 1 --region eu-west-2
# → ResourceNotFoundException

# FilterLogEvents with ARN WORKS:
aws logs filter-log-events \
  --log-group-identifier "arn:aws:logs:eu-west-2:functionname:log-group:/aws/lambda/functionname" \
  --limit 1 --region eu-west-2
# → Returns log events successfully

Root cause
In , the discoverGroups() function stores only the log group name:

groups = append(groups, &streamNames{group: *lg.LogGroupName})

And the request() method uses LogGroupName:

base := &cloudwatchlogs.FilterLogEventsInput{
    LogGroupName: &sn.group,
}

For cross-account log groups, FilterLogEventsInput.LogGroupIdentifier (which accepts an ARN) must be used instead of LogGroupName.

Collector version

v0.145.0

Environment information

Environment

OS: Amazon Linux 2 (ECS Fargate)
Deployment: ECS Fargate with otel/opentelemetry-collector-contrib:0.145.0
AWS OAM configured between monitoring and source accounts

OpenTelemetry Collector configuration

awscloudwatch:
  region: eu-west-2
  logs:
    poll_interval: 1m
    groups:
      autodiscover:
        limit: 100
        prefix: /aws/lambda/
        account_identifiers: ["123456789"]
        include_linked_accounts: true
  storage: file_storage/checkpoints

processors:
  batch:
    send_batch_size: 1024
    timeout: 5s

exporters:
  debug:
    verbosity: basic

service:
  pipelines:
    logs:
      receivers: [awscloudwatch]
      processors: [batch]
      exporters: [debug]

Log output

error awscloudwatchreceiver logs.go:208 there was an error during the poll
  "error": "log group /aws/lambda/lambda-test no longer exists: 
  operation error CloudWatch Logs: FilterLogEvents, StatusCode: 400, 
  ResourceNotFoundException: The specified log group does not exist."

Additional context

Suggested fix
When IncludeLinkedAccounts is enabled, discoverGroups() should store the log group ARN (from lg.LogGroupArn or lg.Arn in the DescribeLogGroups response), and the request() methods should use LogGroupIdentifier instead of LogGroupName.
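
The selection logic the suggested fix describes, as an added example that is not part of the original issue and is not the receiver's code: it picks exactly one of LogGroupName or LogGroupIdentifier per discovered group and also returns the owning account so cross-account logs can be attributed. The types filterInput and discoveredGroup and the functions parseLogGroupARN and buildFilterInput are hypothetical stand-ins; it assumes the ARN returned by discovery may carry a trailing ":*" that has to be trimmed before it is used as an identifier.

```go
package main

import (
	"fmt"
	"strings"
)

// filterInput stands in for cloudwatchlogs.FilterLogEventsInput (SDK not imported).
type filterInput struct {
	LogGroupName, LogGroupIdentifier *string
}

// discoveredGroup is a hypothetical per-group record kept by discovery.
type discoveredGroup struct {
	Name, ARN string // ARN may carry a trailing ":*"
}

// parseLogGroupARN trims a trailing ":*" and checks the layout
// arn:partition:logs:region:account:log-group:name, returning ARN and account.
func parseLogGroupARN(arn string) (clean, account string, err error) {
	clean = strings.TrimSuffix(arn, ":*")
	p := strings.SplitN(clean, ":", 7)
	if len(p) != 7 || p[0] != "arn" || p[2] != "logs" || p[5] != "log-group" || p[4] == "" || p[6] == "" {
		return "", "", fmt.Errorf("not a log group ARN: %q", arn)
	}
	return clean, p[4], nil
}

// buildFilterInput sets exactly one selector: the ARN when discovery supplied
// one (needed for linked-account groups), otherwise the plain name.
func buildFilterInput(g discoveredGroup) (filterInput, string, error) {
	if g.ARN != "" {
		arn, account, err := parseLogGroupARN(g.ARN)
		if err != nil {
			return filterInput{}, "", err
		}
		return filterInput{LogGroupIdentifier: &arn}, account, nil
	}
	if g.Name == "" {
		return filterInput{}, "", fmt.Errorf("group has neither ARN nor name")
	}
	return filterInput{LogGroupName: &g.Name}, "", nil
}

func main() {
	// Constructed sample using the placeholder account ID from the issue.
	g := discoveredGroup{"/aws/lambda/my-function", "arn:aws:logs:eu-west-2:123456789:log-group:/aws/lambda/my-function:*"}
	in, account, err := buildFilterInput(g)
	fmt.Println(*in.LogGroupIdentifier, account, err)
}
```
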
