AWS Certified Solutions Architect - Associate (SAA-C02)


Chapter 12.2

I’m getting confused with when to create an IAM user and when to use IAM Roles for an EC2 instance. In the video (12.2), the lecturer notes that in order for the EC2 instance to write to CloudWatch it needs permissions in the form of an IAM Role. However, when looking through the first Lab exercise, the lecturer downloads a Python script that essentially configures the AWS CLI and then the CloudWatch agent. Then through the console, an IAM user is created with credentials in order for the instance to access CloudWatch.

Please would someone clarify this discrepancy.

Thank you.

Sattam Alshoubaki

An IAM user is needed to allow an EC2 instance to connect to AWS services in general, but a role will be linked to the EC2 instance itself to get authorization for a specific AWS service.

Claudio

Thanks Sattam. Reading through the AWS documentation, in particular "How do roles for EC2 instances work", it mentions Roles should be used in order to grant an EC2 instance temporary credentials to access other services like S3.
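An added example (not part of the original thread or the course material): a Python check that reads the text of an AWS shared credentials file, the kind a CLI configuration step leaves on an instance, and flags profiles holding long-term IAM user keys rather than the temporary credentials a role supplies. It relies on the AWS access key ID prefixes `AKIA` (long-term) and `ASIA` (temporary); the function names and all sample values are constructed for illustration.

```python
import configparser

# Access key ID prefixes used by AWS: AKIA = long-term IAM user key,
# ASIA = temporary key issued by STS (what an instance role delivers).
LONG_TERM_PREFIX = "AKIA"
TEMPORARY_PREFIX = "ASIA"

def classify_key(access_key_id, session_token=None):
    """Return 'long-term', 'temporary' or 'unknown' for one credential."""
    # Temporary credentials are only usable together with a session token.
    if access_key_id.startswith(TEMPORARY_PREFIX) and session_token:
        return "temporary"
    if access_key_id.startswith(LONG_TERM_PREFIX):
        return "long-term"
    return "unknown"

def audit_credentials_file(text):
    """Parse the INI text of a shared credentials file and return
    {profile: classification} for every profile that holds a key."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = {}
    for profile in parser.sections():
        key_id = parser.get(profile, "aws_access_key_id", fallback=None)
        if key_id is None:
            continue
        token = parser.get(profile, "aws_session_token", fallback=None)
        findings[profile] = classify_key(key_id.strip(), token)
    return findings

def profiles_to_replace_with_role(text):
    """Profiles storing static IAM user keys that a role could replace."""
    audit = audit_credentials_file(text)
    return sorted(p for p, kind in audit.items() if kind == "long-term")

# Constructed sample input; none of these values are real credentials.
SAMPLE = """
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructedSecretValue

[cached-role]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructedSecretValue
aws_session_token = constructedSessionToken
"""

if __name__ == "__main__":
    for profile, kind in audit_credentials_file(SAMPLE).items():
        print(f"{profile}: {kind}")
```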
