Skip to content

[receiver/awscloudwatch] Use LogGroupIdentifier for cross-account log groups#47746

Open
Vanshul97 wants to merge 1 commit intoopen-telemetry:mainfrom
Vanshul97:fix/cloudwatch-cross-account-arn
Open

[receiver/awscloudwatch] Use LogGroupIdentifier for cross-account log groups#47746
Vanshul97 wants to merge 1 commit intoopen-telemetry:mainfrom
Vanshul97:fix/cloudwatch-cross-account-arn

Conversation

@Vanshul97
Copy link
Copy Markdown

@Vanshul97 Vanshul97 commented Apr 18, 2026

Summary

Fix cross-account log group discovery via AWS OAM by using LogGroupIdentifier (ARN) instead of LogGroupName in FilterLogEvents calls.

Fixes #46159

Problem

When using the AWS CloudWatch receiver with include_linked_accounts: true and account_identifiers for cross-account log collection via AWS OAM:

  1. DescribeLogGroups correctly discovers log groups from linked accounts
  2. But FilterLogEvents uses LogGroupName (just the name), which only searches the monitoring account's own log groups
  3. AWS requires the full ARN via LogGroupIdentifier to read logs from linked accounts
  4. Result: ResourceNotFoundException for every cross-account log group

Fix

  • Added groupIdentifier field to streamNames and streamPrefix structs to store the log group ARN
  • Modified discoverGroups() to capture lg.Arn from the DescribeLogGroups response
  • Modified request() methods to use LogGroupIdentifier when an ARN is available, falling back to LogGroupName for single-account scenarios (backward compatible)

Test Plan

  • All existing tests pass
  • Code compiles cleanly
  • Backward compatible — single-account scenarios continue using LogGroupName since ARN won't be set for non-cross-account groups

@Vanshul97
[receiver/awscloudwatch] Use LogGroupIdentifier for cross-account log…
abb3faf 
… groups

When log groups are discovered via AWS OAM cross-account autodiscovery,
use LogGroupIdentifier (ARN) instead of LogGroupName in FilterLogEvents
calls. AWS requires the full ARN to read logs from linked accounts;
using just the name causes ResourceNotFoundException because it only
searches the monitoring account's own log groups.

The fix stores the log group ARN from DescribeLogGroups and uses
LogGroupIdentifier when the ARN is available, falling back to
LogGroupName for single-account scenarios.

Fixes open-telemetry#46159
@Vanshul97 Vanshul97 requested a review from a team as a code owner April 18, 2026 18:30
@Vanshul97 Vanshul97 requested a review from pjanotti April 18, 2026 18:30
@github-actions github-actions bot added the first-time contributor PRs made by new contributors label Apr 18, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 18, 2026

Welcome, contributor! Thank you for your contribution to opentelemetry-collector-contrib.

Important reminders:

A maintainer will review your pull request soon. Thank you for helping make OpenTelemetry better!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pjanotti pjanotti Awaiting requested review from pjanotti pjanotti is a code owner automatically assigned from open-telemetry/collector-contrib-approvers

At least 1 approving review is required to merge this pull request.

Assignees

@pjanotti pjanotti

Labels

first-time contributor PRs made by new contributors receiver/awscloudwatch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[receiver/awscloudwatch] Cross-account autodiscovery fails to read logs — FilterLogEvents uses LogGroupName instead of LogGroupIdentifier (ARN)

2 participants

@Vanshul97 @pjanotti