To grant Monitor read-only access to your AWS account, you will need to create an IAM user with specific permissions and generate an access key. The following instructions summarize the key steps and provide references to the official AWS documentation for detailed guidance.

1. Create an IAM User

• Sign in to the AWS Management Console.
• Navigate to IAM → Users and click Add user.
• Username: Choose a descriptive name such as `monitor`.
• Access type: Select Programmatic access (to generate access keys).

For detailed instructions, see the https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html.

2. Assign Permissions

You can grant permissions in one of two ways:

a. Use AWS Managed Policies (Recommended)

Attach the following AWS managed policies to the new user:

• In the "Set permissions" step, choose "Attach policies directly".
• Search for each policy by name and check the box next to it.

b. Use a Custom Policy

If you prefer finer control, you can attach a custom policy with these exact permissions:

• Click "Create policy" during the permissions step.
• Choose the JSON editor and add a policy similar to the following: 

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "ec2:DescribeInstances",
          "ec2:DescribeRegions",
          "ec2:DescribeVolumes",
          "account:GetAccountInformation"
        ],
        "Resource": "*"
      }
    ]
  }

• Save the policy and attach it to the new user.

For a step-by-step guide, see the AWS documentation on creating and attaching IAM policies.

3. Create Access Keys

You will need programmatic access credentials for Monitor.

• After creating the user, on the "Success" page, click “Download .csv” or copy the access key and secret access key.

Full instructions and screenshots: Managing access keys for IAM users.