I am facing problem with cloudwatch telegraf plugin. There is problem telegraf to assume role if “role_arn” is used as auth.This is error I am facing:
E! [inputs.cloudwatch] Error in plugin: AccessDenied: User: arn:aws:sts::xxxxx:assumed-role/RDSMetrics/i-01ce6d9df41b3028a is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxx:role/RDSMetrics
Only when Admin policy is assigned to telegraf ec2 role, this problem is overcome. What is an issue with assuming role if non Admin policy is used?