As an engineer

I want to have the option of full Cloudwatch logs created by the master node rather than the slave

So that I can support deployment patterns where master runs in a controlling account and slaves utilise an IAM role with very limited privelege and with ONLY privilige over the target account (i.e. no access back to logs in the account containing the master server).

Additional context:

A pattern we are working utilises EKS based slaves that are given their roles through OIDC connector into a target account. The role associated has limited access to the target account and NO access to the account where the Jenkins master is created. Our use case is better to have the logs in this master account and have the master provide all the logging capability.

I created a feature for the aws-cloudwatch-logs-publisher noted here https://issues.jenkins.io/browse/JENKINS-65917 to remove ANSI escape sequences for readability because, for now, this fits our deployment pattern better although I would have preferred to contribute to this project.