I was trying to implement a CloudWatch subscription filter with an account-level policy, similar to what is mentioned here, Example 2: Subscription filters with AWS Lambda. I was using a SAM template.
This is the relevant section from my template.yaml:
```yaml
  LogsGenFunction:
    Type: AWS::Serverless::Function
    Metadata:
      BuildMethod: makefile
    Properties:
      Description: Lambda function that subscribes to cloud watch logs
      Environment:
        Variables:
          POWERTOOLS_SERVICE_NAME: LogsGen
          POWERTOOLS_LOG_LEVEL: INFO
      CodeUri: LogsGenFunction
      Handler: lambdas/dist/logsGen.handler
      MemorySize: 256
      Policies:
        - AWSLambdaBasicExecutionRole
        # AmazonSSMFullAccess is an AWS managed policy granting ssm:* on every
        # resource; a scoped-down policy on the parameters actually read is safer.
        - AmazonSSMFullAccess
      Layers:
        - Ref: NodeLibLayer
  LogsGenFunctionLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Join:
          - ''
          - - /aws/lambda/
            - Ref: LogsGenFunction
      RetentionInDays:
        Ref: RetentionPeriod
      Tags:
        - Key: subscribe-nr
          Value:
            Ref: LogGroupTagValue
  LogsSubscriberFuntion:
    Type: AWS::Serverless::Function
    Metadata:
      BuildMethod: makefile
      SamResourceId: LogsSubscriberFuntion
    Properties:
      Description: Lambda function that subscribes to cloud watch logs
      Environment:
        Variables:
          POWERTOOLS_SERVICE_NAME: LogsSubscriber
          POWERTOOLS_LOG_LEVEL: INFO
      CodeUri: LogsSubscriberFuntion
      Handler: lambdas/dist/logsSubscriber.handler
      MemorySize: 256
      Policies:
        - AWSLambdaBasicExecutionRole
        - AmazonSSMFullAccess
      Layers:
        - Ref: NodeLibLayer
  LogsSubscriberFunctionLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Join:
          - ''
          - - /aws/lambda/
            - Ref: LogsSubscriberFuntion
      RetentionInDays:
        Ref: RetentionPeriod
      Tags:
        - Key: subscribe-nr
          Value:
            Ref: LogGroupTagValue
  # Resource-based policy that lets the CloudWatch Logs service invoke the
  # subscriber function; the account policy below cannot deliver without it.
  CloudWatchSubscriptionFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName:
        Fn::GetAtt:
          - LogsSubscriberFuntion
          - Arn
      Action: lambda:InvokeFunction
      Principal: logs.amazonaws.com
      # Log group ARNs have the form arn:aws:logs:<region>:<account>:log-group:<name>
      # (a colon, not a slash, between "log-group" and the name).
      SourceArn: arn:aws:logs:<my-region>:<my-account-id>:log-group/aws/lambda/abc-*
  LogsAccountPolicy:
    Type: AWS::Logs::AccountPolicy
    Properties:
      PolicyName: example
      # PolicyDocument is a JSON string; Distribution is "Random" or "ByLogStream".
      PolicyDocument: '{"DestinationArn":"arn:aws:lambda:<my-region>:<my-account-id>:function:<my-funtion-name>","FilterPattern": "Test", "Distribution": "Random"}'
      # With Scope ALL the destination function's own log group is subscribed too,
      # so it should appear in this exclusion list to avoid feeding it its own output.
      SelectionCriteria: LogGroupName NOT IN ["abc"]
      PolicyType: SUBSCRIPTION_FILTER_POLICY
      Scope: ALL
```
`sam deploy` threw the error below:

```text
Resource handler returned message: "Invalid request provided: AWS::Logs::AccountPolicy" RequestToken: a8dccb95-f175-d8bd-5c14-dfdddad924f0, HandlerErrorCode: InvalidRequest)
```

I am not able to find a way to fix this. Please help. SAM CLI version 1.107.0, aws-cli/2.15.10.
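A pre-deploy sanity check for the three pieces that have to agree in an account-level subscription filter targeting Lambda: the `PolicyDocument` JSON, the `SelectionCriteria` expression, and the `SourceArn` on the `AWS::Lambda::Permission`. This is an added example written for this page, not code from the question or from AWS; it encodes the documented formats (Lambda ARN, log group ARN with `log-group:<name>`, `LogGroupName NOT IN [...]`, `Distribution` of `Random`/`ByLogStream`), runs offline on constructed values shaped like the template above (a made-up region, account id and function name `logs-subscriber` in place of the `<placeholders>`), and is not a diagnosis of the specific `InvalidRequest` in the post. It also flags a recursion hazard that the original `SelectionCriteria` leaves open: with `Scope: ALL`, the destination function's own log group is subscribed unless it is excluded.

```python
"""Pre-deploy sanity checks for an account-level CloudWatch Logs subscription
filter (AWS::Logs::AccountPolicy, PolicyType SUBSCRIPTION_FILTER_POLICY) whose
destination is a Lambda function. Added example, not code from the question:
it encodes the documented ARN and SelectionCriteria formats, runs offline, and
is not a diagnosis of the InvalidRequest error in the post."""
import json
import re

LAMBDA_ARN = re.compile(r"^arn:aws:lambda:([a-z0-9-]+):(\d{12}):function:([A-Za-z0-9_-]+)$")
# A log group ARN is arn:aws:logs:<region>:<account>:log-group:<name>; note the
# colon between "log-group" and the name. The name may end in "*".
LOG_GROUP_ARN = re.compile(r"^arn:aws:logs:([a-z0-9-]+):(\d{12}):log-group:(.+)$")
# SelectionCriteria for a subscription filter policy: LogGroupName NOT IN ["a", "b"]
SELECTION = re.compile(r'^LogGroupName NOT IN \[\s*("[^"]*"(\s*,\s*"[^"]*")*)?\s*\]$')
ALLOWED_KEYS = {"DestinationArn", "FilterPattern", "Distribution", "RoleArn"}
ALLOWED_DISTRIBUTION = {"Random", "ByLogStream"}

# Constructed sample values shaped like the ones in the question (a concrete
# region/account instead of the <placeholders>; the function name is made up).
POLICY_DOC = ('{"DestinationArn":"arn:aws:lambda:us-east-1:123456789012:function:logs-subscriber",'
              '"FilterPattern": "Test", "Distribution": "Random"}')
SELECTION_CRITERIA = 'LogGroupName NOT IN ["abc"]'
SOURCE_ARN_AS_POSTED = "arn:aws:logs:us-east-1:123456789012:log-group/aws/lambda/abc-*"
SOURCE_ARN_FIXED = "arn:aws:logs:us-east-1:123456789012:log-group:*"


def check_policy_document(doc):
    """Findings for the parsed PolicyDocument dict (empty list means clean)."""
    findings = []
    unknown = set(doc) - ALLOWED_KEYS
    if unknown:
        findings.append(f"unexpected PolicyDocument keys: {sorted(unknown)}")
    if not LAMBDA_ARN.match(doc.get("DestinationArn", "")):
        findings.append(f"DestinationArn is not a concrete Lambda function ARN: {doc.get('DestinationArn')!r}")
    if "FilterPattern" not in doc:
        findings.append('FilterPattern is missing (use "" to match every event)')
    if "Distribution" in doc and doc["Distribution"] not in ALLOWED_DISTRIBUTION:
        findings.append(f"Distribution must be one of {sorted(ALLOWED_DISTRIBUTION)}")
    return findings


def excluded_log_groups(expr):
    """Parse SelectionCriteria and return the excluded log group names."""
    m = SELECTION.match(expr)
    if not m:
        raise ValueError(f"SelectionCriteria has an unexpected shape: {expr!r}")
    return re.findall(r'"([^"]*)"', m.group(1) or "")


def check_lambda_permission(source_arn, dest_arn):
    """Findings for the AWS::Lambda::Permission that lets logs.amazonaws.com invoke."""
    m = LOG_GROUP_ARN.match(source_arn)
    if not m:
        return ["Lambda permission SourceArn is not a log group ARN "
                "(expected arn:aws:logs:<region>:<account>:log-group:<name>)"]
    d = LAMBDA_ARN.match(dest_arn)
    if d and (m.group(1), m.group(2)) != (d.group(1), d.group(2)):
        return ["SourceArn region/account differ from DestinationArn's"]
    return []


def lint(policy_document, selection_criteria, permission_source_arn):
    """Run all checks and return the combined findings (empty list means clean)."""
    try:
        doc = json.loads(policy_document)
    except json.JSONDecodeError as exc:
        return [f"PolicyDocument is not valid JSON: {exc}"]
    findings = check_policy_document(doc)
    try:
        excluded = excluded_log_groups(selection_criteria)
    except ValueError as exc:
        findings.append(str(exc))
        excluded = []
    dest = doc.get("DestinationArn", "")
    findings += check_lambda_permission(permission_source_arn, dest)
    d = LAMBDA_ARN.match(dest)
    if d:
        own_group = f"/aws/lambda/{d.group(3)}"
        # With Scope ALL the destination function's own log group is subscribed
        # too, so its output would be delivered back to it: it must be excluded.
        if own_group not in excluded:
            findings.append(f"{own_group} is not excluded; the destination would consume its own logs")
    return findings


if __name__ == "__main__":
    for finding in lint(POLICY_DOC, SELECTION_CRITERIA, SOURCE_ARN_AS_POSTED):
        print("-", finding)
```

Run against the values as posted it reports two findings (the `SourceArn` shape and the unexcluded `/aws/lambda/logs-subscriber` group); with `SOURCE_ARN_FIXED` and the destination's log group added to the `NOT IN` list it reports none. It deliberately does not call AWS, so it cannot tell you whether the account-level quota or the IAM side of the request is what the service rejected; it only removes the shape mistakes before you spend a deploy cycle on them.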