How to set up IAM Role Permissions for VPC CloudWatch logs?
Solution 1:
You may want to ensure that your IAM policy has "vpc-flow-logs.amazonaws.com" defined as a trust entity. You can check (and set) the trust entity using the AWS Management Console under the IAM/Roles section and searching for your IAM Role name.