I’m getting confused with when to create an IAM user and when to use IAM Roles for an EC2 instance. In the video (12.2), the lecturer notes that in order for the EC2 instance to write to CloudWatch it needs permissions in the form of a IAM Role. However, when looking through the first Lab exercise, the lecturer downloads a python script that essential configures the AWS CLI and then the CloudWatch agent. Then through the console, an IAM user is created with credentials in order for the instance to access CloudWatch.
Please would someone clarify this discrepancy,