Winston Cloudwatch doesn't work with EC2 and Assumed Role

[markolucky7]

I've tried to set up Winston Cloudwatch and it works perfectly if I have the AWS credentials in the .aws directory, or if I pass AWS credentials directly to WinstonCloudwatch.

It doesn't work when deployed to EC2, where we have an assumed role - with the correct policies. I keep getting:

 AccessDeniedException: User: xyz is not authorized to perform: logs:DescribeLogStreams 

The problem is that the xyz user is not the correct user from the Assumed role.

When I try to run the AWS CLI commands directly on EC2 they do work with the correct assumed role and I'm able to access CloudWatch Logs.

Has somebody tried that setup?