# Read Only IAM User ### How to create a Read Only IAM User Using a cross account role is AWS best practice and the preferred method to enable Hava to build your environment diagrams and log changes. If you prefer to set up access via a key pair, then follow these instructions. Log in to your AWS console & open the Services menu. Select IAM from the Security, Identity & Compliance options : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_AWS_Management_Console.jpg) Select Users : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Management_Console.jpg) Click "Add User" : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Add_User.jpg) Enter a memorable User Name and set the access type to "Programmatic Access" ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Add_User_2.jpg) Click "Next Permissions" to move to the set permissions dialogue. Select "Attach existing policies directly" Scroll through the policies : locate and select "ReadOnlyAccess" : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Add_User_Permissions.jpg) Click Next to advance to the "Add tags" dialogue. **Skip this step**. Click "Next : Review" to advance to the review screen : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Add_User_Review.jpg) Click "Create User" : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_IAM_Add_User_Step_5v2.jpg) You will get a screen confirming the successful creation of the new user and an Access Key ID and Secret Access Key credentials. You can write these down, however, to ensure accuracy we advise downloading the credentials.csv file and cutting & pasting the user credentials from there. You now have the necessary user and credentials to connect Hava to your AWS environment. Open the Hava Environments workspace and select Add Environments : ![](https://www.hava.io/hubfs/documentation/getting-started/Getting_Started_Add_Environment.jpg) Enter the Access Key and Secret Key from the previous step and click "Import" : ![](/files/CmoFPwfkJvefWVVjnJgE) Hava will now import your environment components, construct the diagrams and start logging changes as they happen. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hava.io/importing/aws/getting-started-with-aws/read-only-iam-user.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.