You may also create a new IAM user with read-only permissions. Either way, from an infrastructure integrity and security perspective, there can be no doubt that Hava cannot change or update anything in your environment; it is limited to reading the data it needs to visualise your AWS environment.
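One way to check the read-only claim against the policy actually attached to the IAM user or role, as an added example (not Hava's code or policy): it flags every Allow grant whose action pattern is not pinned to a read verb. The verb prefix list, the function names and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumption: verb prefixes treated as read-only. This is a review heuristic,
# not an AWS-defined classification; anything else is flagged for a human to check.
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup", "search")

# Constructed sample policy for the demo (not Hava's actual policy).
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Inventory", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "s3:GetBucketLocation", "rds:listtagsforresource"]},
  {"Sid": "Drift", "Effect": "Allow", "Resource": "*", "Action": "ec2:ModifyInstanceAttribute"},
  {"Sid": "Wild", "Effect": "Allow", "Resource": "*", "Action": ["s3:*", "iam:G*"]},
  {"Sid": "Guard", "Effect": "Deny", "Resource": "*", "Action": "iam:*"}
]}
""")

def _as_list(value):
    """IAM JSON allows a single string/object wherever a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_read_action(action):
    """True only if every API the pattern can match starts with a read verb."""
    if ":" not in action:
        return False  # bare "*" or malformed entry
    verb = action.split(":", 1)[1].lower()  # IAM action names are case-insensitive
    # The literal text before the first wildcard must already pin down a read verb.
    literal = verb.split("*", 1)[0].split("?", 1)[0]
    return any(literal.startswith(p) for p in READ_PREFIXES)

def non_read_grants(policy):
    """Return (sid, action) pairs from Allow statements that are not provably read-only."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant write access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction"))  # allows everything except a list
        for action in _as_list(stmt.get("Action")):
            if not is_read_action(action):
                findings.append((sid, action))
    return findings

if __name__ == "__main__":
    for sid, action in non_read_grants(SAMPLE):
        print(f"review: {sid} allows {action}")
```

An empty result means every allowed action matched a read verb under this heuristic; any finding is a grant to inspect before trusting the policy as read-only.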