IAM Permissions
To use Fix Inventory with all it's features—including cleanup—it requires wide permissions to collect resources, perform tag validations and updates, as well as delete resources.
To use Fix Inventory in a read-only capacity, you can limit access to your cloud provider accordingly.
Fix Inventory will not delete resources marked for deletion by default, even with the neccessary permissions.
Fix Inventory will silently ignore collecting specific resources if it does not have the required permissions.
Amazon Web Services
Each version of Fix Inventory programmatically generates the specific IAM permissions it requires to collect (and optionally, manipulate) AWS resources.
Google Cloud
Each version of Fix Inventory programmatically generates the specific IAM permissions it requires to collect (and optionally, manipulate) Google Cloud resources.