I would like to centralize the AWS Config logs from the different AWS Accounts in a single S3 Bucket in one AWS Account.
I've configured the S3 Bucket exactly with the policy indicated at this link: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html and I've assigned to AWS Config an IAM Role with exactly the policy indicated at the link: https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html
Nevertheless, I'm still not able to make it work. The error I get is:
AWS Config cannot save your settings because of one of the following: The IAM role is updating in the system. Wait a moment and try again. AWS Config doesn't have sufficient permissions to send configuration information to the specified S3 bucket. Update the role or bucket permissions and try again.
And, from the CloudTrail logs, I get:
Insufficient delivery policy to s3 bucket: clim8-logs-aws-config, unable to write to bucket, provided s3 key prefix is 'null', provided kms key is 'null'.
The even weirder thing is that from the AWS Config present in the AWS Account where the S3 Bucket is located, everything works perfectly, so I guess that's just something due to the cross-account setup.
I've tried to find some more indications in the AWS Docs, but I couldn't find anything.
Any hint on what I could have missed?
Thanks!
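
A check that can be run offline against the bucket policy, given as an added example that is not part of the original post: AWS Config writes under `AWSLogs/<account-id>/Config/`, so the sketch below reports which account IDs the policy's `s3:PutObject` statements cover. The account IDs, the helper names and the sample policy are constructed; the principal is not evaluated, and `fnmatch` only approximates IAM wildcard matching.

```python
import fnmatch

BUCKET = "clim8-logs-aws-config"                 # bucket name from the post
OWNER, MEMBER = "111111111111", "222222222222"   # constructed placeholder account IDs

def delivery_statement(account_ids):
    """Build a constructed PutObject statement scoped to the given accounts."""
    return {
        "Effect": "Allow",
        "Principal": {"Service": "config.amazonaws.com"},
        "Action": "s3:PutObject",
        "Resource": [f"arn:aws:s3:::{BUCKET}/AWSLogs/{a}/Config/*" for a in account_ids],
        "Condition": {"StringEquals": {
            "s3:x-amz-acl": "bucket-owner-full-control",
            "AWS:SourceAccount": list(account_ids),
        }},
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_account_ok(stmt, account_id):
    """True if there is no aws:SourceAccount condition or it lists account_id."""
    for key, allowed in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == "aws:sourceaccount":
            return account_id in _as_list(allowed)
    return True

def delivery_coverage(policy, bucket, account_ids, prefix=None):
    """Map each account ID to whether some Allow statement covers PutObject
    on its AWSLogs/<account-id>/Config/ path (principal is not evaluated)."""
    base = f"arn:aws:s3:::{bucket}/" + (f"{prefix}/" if prefix else "")
    coverage = {}
    for acct in account_ids:
        object_arn = f"{base}AWSLogs/{acct}/Config/constructed-object"
        coverage[acct] = any(
            stmt.get("Effect") == "Allow"
            and any(a in ("s3:PutObject", "s3:*", "*") for a in _as_list(stmt.get("Action", [])))
            and any(fnmatch.fnmatchcase(object_arn, r) for r in _as_list(stmt.get("Resource", [])))
            and _source_account_ok(stmt, acct)
            for stmt in _as_list(policy.get("Statement", []))
        )
    return coverage

if __name__ == "__main__":
    single = {"Version": "2012-10-17", "Statement": [delivery_statement([OWNER])]}
    print(delivery_coverage(single, BUCKET, [OWNER, MEMBER]))
```

To use it on the real policy, load the JSON returned by `aws s3api get-bucket-policy` and pass the actual account IDs in place of the placeholders.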