From a comment from rhn-engineering-aconway, it was mentioned that in order to forward logs to CloudWatch in a different AWS account, it is enough to override the aws keys in the (instance) Secret in the openshift-logging namespace:

https://issues.redhat.com/browse/APPSRE-3284?focusedCommentId=16140552&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16140552

This Secret will get overwritten back to it's original values after a short while.

This means we can not rely on forwarding logs to our own AWS account.

cc jeder@redhat.com