Currently to fetch Cloudwatch data or RDS details the Vivid client requires an IAM user and access keys.
Slightly more modern solutions (last few years) use service accounts to give IAM permissions which requires the underlying application SDK to pick up the AWS_ROLEARN and access key off the file system to receive temporary creds, which negates the need for an IAM user to exist and dramatically increases the security posture of the product.
This is all fully supported by the Golang sdk that Vivid uses, so I think would be a relatively reasonable thing to implement, in fact should almost “just work”.
