I've tried to set up Winston Cloudwatch and it works perfectly if I have the AWS credentials in the .aws directory, or if I pass AWS credentials directly to WinstonCloudwatch.
It doesn't work when deployed to EC2, where we have an assumed role - with the correct policies. I keep getting:
AccessDeniedException: User: xyz is not authorized to perform: logs:DescribeLogStreams
The problem is that the xyz user is not the correct user from the Assumed role.
When I try to run the AWS CLI commands directly on EC2 they do work with the correct assumed role and I'm able to access CloudWatch Logs.
I've tried to set up Winston Cloudwatch and it works perfectly if I have the AWS credentials in the .aws directory, or if I pass AWS credentials directly to WinstonCloudwatch.
It doesn't work when deployed to EC2, where we have an assumed role - with the correct policies. I keep getting:
The problem is that the
xyz
user is not the correct user from the Assumed role.When I try to run the AWS CLI commands directly on EC2 they do work with the correct assumed role and I'm able to access CloudWatch Logs.
Has somebody tried that setup?