Generally, S3 permissions from other services are managed via a Bucket Policy for example: allowing Cloudtrail to send logs to S3.
However, for CRR (Cross-Region replication) or SRR (Same-Region replication), AWS thought of using Roles for S3 permissions - I was just thinking what could be the reason why they never went for putting Bucket Policies each on Source and Target buckets allowing the Principal as "Principal": {"Service": "s3.amazonaws.com"}
Could this be just a design preference from AWS or does it solve any other potential challenges?