When configuring the CloudWatch Logs input, there's no option to select the AssumeRole policy like there is for regular CloudWatch input. That presents a bit of an issue when you want to ingest CloudWatch Logs from multiple accounts without having to create an IAM User in each account. Is this a known issue, or am I looking at it the wrong way?
This is a bummer. I really wanted it.
From what I can tell this is a limitation of the TA. Evidently this type of input won't be supported in future versions but this is a real setback for a lot of users.