Claudio
I’m getting confused with when to create an IAM user and when to use IAM Roles for an EC2 instance. In the video (12.2), the lecturer notes that in order for the EC2 instance to write to CloudWatch it needs permissions in the form of an IAM Role. However, when looking through the first Lab exercise, the lecturer downloads a Python script that essentially configures the AWS CLI and then the CloudWatch agent. Then through the console, an IAM user is created with credentials in order for the instance to access CloudWatch.
Please would someone clarify this discrepancy.
Thank you.
An IAM user is needed to allow the EC2 instance to connect to AWS services in general, but the role will be linked to the EC2 instance itself to take authorization for a specific AWS service.
Thanks Sattam. Reading through the AWS documentation, in particular "How do roles for EC2 instances work", it mentions Roles should be used in order to grant an EC2 instance temporary credentials to access other services like S3.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
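An added example, not part of the thread or the course lab: a small Python audit showing why the two setups differ in practice. The AWS CLI and SDKs look for static keys in the environment and in `~/.aws/credentials` before they fall back to the instance role, so IAM user keys configured on the instance take precedence over the role's temporary credentials. The function names are hypothetical, the provider chain is simplified to these three sources, and the sample file is constructed with AWS's documented placeholder keys.

```python
import configparser

# Constructed sample of ~/.aws/credentials after configuring the CLI with IAM user keys.
# Values are AWS's documented example placeholders, not real credentials.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def classify_key(access_key_id):
    """Classify an access key ID by prefix: AKIA = IAM user, ASIA = STS temporary."""
    if access_key_id.startswith("AKIA"):
        return "long-term"
    if access_key_id.startswith("ASIA"):
        return "temporary"
    return "unknown"


def audit_credentials(file_text, env):
    """List every configured key as (location, kind) so long-term keys can be flagged."""
    findings = []
    if env.get("AWS_ACCESS_KEY_ID"):
        findings.append(("env", classify_key(env["AWS_ACCESS_KEY_ID"])))
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(file_text)
    for profile in parser.sections():
        key = parser[profile].get("aws_access_key_id")
        if key:
            findings.append((f"file:{profile}", classify_key(key)))
    return findings


def effective_source(file_text, env):
    """Simplified provider chain: environment, then credentials file, then instance role."""
    if env.get("AWS_ACCESS_KEY_ID"):
        return "environment"
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(file_text)
    profile = env.get("AWS_PROFILE", "default")
    if parser.has_section(profile) and parser[profile].get("aws_access_key_id"):
        return "shared-credentials-file"
    return "instance-role"


if __name__ == "__main__":
    print(audit_credentials(SAMPLE_CREDENTIALS, {}))
    print(effective_source(SAMPLE_CREDENTIALS, {}))  # static keys shadow the role
    print(effective_source("", {}))                  # nothing static: role is used
```

On a real instance, pass the contents of `~/.aws/credentials` and `os.environ`; any `long-term` finding means the instance is not relying on its role alone.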