...
AWS users should have access to create , and modify the IAM role.
AWS users should have access to assign a role to EC2 instance (LCP).
...
Get assumable role ARN from the Accenture MDR(device onboarding team) to configure it in the cloud formation template ACNMDRAwsAccountARN field.
Scope
Log Collection within same AWS account (Where LCP and logging resource(s) are in the same AWS account) (Mainly used for MDR self-monitoring)
Log Collection using cross AWS account (Where LCP is hosted in MDR SOC AWS account and logging resource is in Customer AWS account)
...