To retrieve and list your assets (Instances, Security Groups) from your Amazon Web Services EC2 account through the API, Elastic Detector needs read-only credentials. Here is how to create such credentials using Amazon Web Services Identity and Access Management (IAM).
Log in to your Amazon Web Services account through the AWS Console, and open the IAM service.
Step 1: Set EC2ReadOnly Group
Step 2: Set EC2ReadOnly Policy
Step 3: Set EC2ReadOnly User
Step 4: Generate Group, Policy, User and Credentials
Step 5: Save Credentials
Save your credentials by clicking on the “Download Credentials” button and start using them.
NB: If you do not download these credentials or use the Show option to note them down, you won’t be able to retrieve them later and you will have to generate new credentials.
Step 6: Going Further and Fine-Tuning Your Policy
During the Permissions step, you can use the Policy Generator to create a policy with the minimal permissions for your needs. As a security guy, I strongly advise following the principle of least privilege.
For example, in Elastic Detector, the minimal policy is as follows:
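One way to check a generated policy against that principle, as an added example that is not from the original post or from Elastic Detector. The `ALLOWED_ACTIONS` set and both sample policies are constructed, on the assumption that listing Instances and Security Groups needs only the two `Describe` actions shown.

```python
import json

# Assumption: listing Instances and Security Groups needs only these two actions.
# This is not Elastic Detector's published policy.
ALLOWED_ACTIONS = {"ec2:describeinstances", "ec2:describesecuritygroups"}

def as_list(value):
    """IAM accepts a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (statement index, action, reason) for every grant beyond ALLOWED_ACTIONS."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            findings.append((index, "NotAction", "allows every action not listed"))
            continue
        for action in as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM action names are case-insensitive
            if name in ALLOWED_ACTIONS:
                continue
            if "*" in name or "?" in name:
                findings.append((index, action, "wildcard grants more than needed"))
            else:
                findings.append((index, action, "action not required"))
    return findings

# Constructed sample: exactly the two read-only actions. Resource is "*" because
# the EC2 Describe actions do not support resource-level permissions.
MINIMAL_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "ec2:DescribeSecurityGroups"]}]}"""

# Constructed sample: a broad wildcard plus a write action that slipped in.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": "ec2:Describe*"},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances"]}]}"""

if __name__ == "__main__":
    for label, doc in (("minimal", MINIMAL_POLICY), ("broad", BROAD_POLICY)):
        print(label, audit_policy(doc) or "OK")
```

Run it over the JSON the Policy Generator produces before attaching the policy to the group; an empty result means nothing beyond the allowed set is granted.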
Hope this helps.