Closed kdgregory closed 1 year ago
This appears to be an issue with Logback: it doesn't report errors unless debugging is enabled. Both Log4J1 and Log4J2 report the error. I suspect that the reason I thought an active Deny was being reported was that I had debug enabled for that run.
If the log-writer does not have
logs:PutLogEvents
it should report the error. However, it's silently retrying the batch, which will eventually lose messages. It does operate as expected if there's an active Deny on this permission.It looks like both
CloudWatchFacadeImpl.transformException()
andCloudWatchLogWriter.sendBatch()
are doing the right thing, so unclear why this is happening.Underlying exception: