We need read-only access to scan your source environment. No write permissions required.
ReadOnlyAccess and trust principal arn:aws:iam::AVAILABL_ACCOUNT:root. We never store your credentials.
The target account needs write permissions so Availabl can recreate your resources there.
Double-check the details before we start the inventory scan.