lazywithclass / winston-cloudwatch

Send logs to Amazon Cloudwatch using Winston.
MIT License

Winston Cloudwatch doesn't work with EC2 and Assumed Role #220

Open markolucky7 opened 1 year ago

markolucky7 commented 1 year ago

I've tried to set up Winston Cloudwatch and it works perfectly if I have the AWS credentials in the .aws directory, or if I pass AWS credentials directly to WinstonCloudwatch.

It doesn't work when deployed to EC2, where we have an assumed role - with the correct policies. I keep getting:

 AccessDeniedException: User: xyz is not authorized to perform: logs:DescribeLogStreams 

The problem is that the xyz user is not the correct user from the assumed role.

When I try to run the AWS CLI commands directly on EC2 they do work with the correct assumed role and I'm able to access CloudWatch Logs.

Has somebody tried that setup?