logs:describe* is used in the Test Access routines to test for CloudWatch Describe Metric Filters and CloudWatch Describe Log Groups. Both of these are then used in the collection and processing of CloudWatch-related log configurations. Governance Policies uses the data collected from these assets in the CIS and AWS Best Practices Policies. Some examples are CIS 3.x for Metric Filters and CIS 2.x CloudTrail CloudWatch Logs.
“What happens if I disable this permission or further restrict it?” or “Why do I need this permission?” Here the answer is that we will not collect some data that is used in the platform for things like security best practices and CIS policies. Without this data, some policies may not detect security or other violations. It is not recommended to remove or modify this permission on the account IAM role.
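One way to check, before changing the role, whether a policy document still grants the two actions named above. This is an added example, not the platform's own code; the sample policies are constructed, `missing_actions` is a hypothetical helper, and it evaluates only `Effect` and `Action` (not `NotAction`, `Resource` or `Condition`).

```python
import re

# The two CloudWatch Logs API actions the page says logs:describe* is used for.
REQUIRED_ACTIONS = ("logs:DescribeMetricFilters", "logs:DescribeLogGroups")


def _as_list(value):
    # IAM allows a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are the wildcards.
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return the required actions that are not allowed, or are explicitly denied."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = _as_list(stmt.get("Action", []))
        hits = {a for a in required if any(_matches(p, a) for p in patterns)}
        if stmt.get("Effect") == "Allow":
            allowed |= hits
        elif stmt.get("Effect") == "Deny":
            denied |= hits  # an explicit Deny overrides any Allow
    return [a for a in required if a not in allowed or a in denied]


# Constructed sample policy documents (not taken from the page).
ORIGINAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:describe*", "Resource": "*"}]}
RESTRICTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:DescribeLogGroups"], "Resource": "*"}]}
DENIED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "logs:DescribeMetric*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("restricted", RESTRICTED), ("denied", DENIED)):
        print(name, missing_actions(doc) or "ok")
```

An empty result means both actions remain granted; any action listed is one whose data collection would stop.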