Create the Transit Gateway Flow Logs source account role for Amazon S3

From the source account, create the source role in the AWS Identity and Access Management console.

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Policies.
Choose Create policy.
On the Create policy page, do the following:
1. Choose JSON.
2. Replace the contents of this window with the permissions policy at the start of this section.
3. Choose Next: Tags and Next: Review.
4. Enter a name for your policy and an optional description, and then choose Create policy.
In the navigation pane, choose Roles.
Choose Create role.
For the Trusted entity type, choose Custom trust policy. For Custom trust policy, replace "Principal": {}, with the following, which specifies the log delivery service. Choose Next.
```
"Principal": {
   "Service": "delivery.logs.amazonaws.com"
},
```
On the Add permissions page, select the checkbox for the policy that you created earlier in this procedure, and then choose Next.
Enter a name for your role and optionally provide a description.
Choose Create role.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon S3

Create a flow log that publishes to Amazon S3