Stax Spotlight accesses your AWS metadata using AWS best practices, as described here.

We believe that the right way to manage infrastructure is always to use automation, as this gives you safety and repeatability. Best practice for AWS automation is to use AWS CloudFormation.

So we provide a CloudFormation script which creates the IAM roles we need. To perform the linking, your user needs the ability to create a CloudFormation stack, and the ability to create an IAM role.

In terms of specific IAM permissions, these are:

  • cloudformation:CreateStack
  • iam:CreateRole
  • iam:CreatePolicy
  • iam:AttachRolePolicy

If your IAM user has the AdministratorAccess managed policy attached, then these are included. You can also use the root IAM user, though that is not best practice and we don't recommend taking any actions as the root IAM user. (This is one of the things that Stax Spotlight checks for!)
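A pre-flight check for the permissions listed above, as an added example that is not Stax's own code: it reads IAM policy documents and reports which of the four required actions they do not grant. It assumes identity-based policies only and evaluates just Effect and Action, ignoring Resource, Condition, NotAction, permission boundaries and service control policies; the sample policies are constructed.

```python
import json
from fnmatch import fnmatchcase

# The four actions the page lists as required for linking.
REQUIRED_ACTIONS = [
    "cloudformation:CreateStack",
    "iam:CreateRole",
    "iam:CreatePolicy",
    "iam:AttachRolePolicy",
]

def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_documents, required=REQUIRED_ACTIONS):
    """Return the required actions that are denied or not allowed."""
    allowed, denied = [], []
    for doc in policy_documents:
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in _as_list(policy.get("Statement")):
            patterns = _as_list(stmt.get("Action"))
            if stmt.get("Effect") == "Deny":
                denied.extend(patterns)  # an explicit Deny always wins
            elif stmt.get("Effect") == "Allow":
                allowed.extend(patterns)
    return [a for a in required
            if _matches(a, denied) or not _matches(a, allowed)]

# Constructed sample: covers CloudFormation and role creation only.
SAMPLE_PARTIAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:CreateRole"], "Resource": "*"},
]}
# Constructed sample: same statement shape as AdministratorAccess.
SAMPLE_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}

if __name__ == "__main__":
    for name, doc in [("partial", SAMPLE_PARTIAL), ("admin", SAMPLE_ADMIN)]:
        print(name, "missing:", missing_actions([doc]) or "none")
```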
