Configuring your application to access AWS requires generating an AWS API Key and configuring your application to use the AWS API Key.
Creating an IAM user and assigning only the required permissions is recommended.
Open your AWS Console and then search for IAM (Identity and Access Management).
Click on Users (left panel) and click the Add User button.
Step 1: Type a user name and click on the Programmatic access checkbox.
Step 2: Click the Attach existing policies directly button. There are several ways to do this: you can also create your own policies or use groups. Attaching an existing policy directly is the simple, secure and easy way.
Then select the proper policy for your application. If the application only generates reports, such as AWS Inventory, the ReadOnlyAccess policy is enough and will work for all AWS services.
You can also narrow the policy to specific AWS services, such as the AmazonEC2ReadOnlyAccess policy.
If the application will update or manage multiple AWS services, select the AdministratorAccess policy (preferred option for most of the deployments).
If the application updates or manipulates a single AWS service, for example the RDS service, select only the FullAccess policy for that service, in this case the AmazonRDSFullAccess policy.
Step 3: Add optional tags, if you want.
Step 4: Review the user settings and then click on the Create User button.
Step 5: Copy the AWS Access Key and AWS Secret Key and store them securely.
Click here to configure your application to use the AWS API Keys.
Note #1: If you have issues validating your credentials in AWS Inventory, create a new IAM user and attach the AdministratorAccess policy.
Note #2: Check this repo if you are looking for a restricted policy for AWS Inventory.
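A check to run on a policy document before attaching it in Step 2, showing how broad the grant is (administrator-equivalent, write-capable or read-only) and which services it covers. This is an added example, not code from AWS Inventory or AWS; the read-only prefix list and the sample policy documents are simplified, constructed assumptions.

```python
import json

# Assumption of this example: action names starting with these are read-only.
READ_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def classify_policy(policy):
    """Return (level, services) for an IAM policy document given as a dict.

    level is 'admin', 'write' or 'read-only'; services lists the service
    prefixes named in Allow statements ('*' means every service).
    """
    level, services = "read-only", set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            level = "write"
            services.add("*")
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if action == "*" and "*" in resources:
                return "admin", ["*"]
            services.add(service)
            if not name.startswith(READ_PREFIXES):
                level = "write"  # wildcard or mutating action
    return level, sorted(services)

# Constructed, simplified sample documents (not the full AWS managed policies).
ADMIN_LIKE = json.loads('{"Version": "2012-10-17", "Statement": '
                        '[{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')
EC2_READ_LIKE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "elasticloadbalancing:Describe*"]}]}
RDS_FULL_LIKE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "rds:*", "Resource": "*"}}

if __name__ == "__main__":
    for label, doc in [("admin-like", ADMIN_LIKE), ("ec2-read-like", EC2_READ_LIKE),
                       ("rds-full-like", RDS_FULL_LIKE)]:
        print(label, classify_policy(doc))
```

A partial wildcard such as `ec2:D*` is reported as write, because it can match mutating actions as well as `Describe` calls.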