ProsperOps only needs least privilege access to actively manage your commitment discount portfolio and passively monitor your cost data and AWS compute estate. No agent is required, only an AWS IAM role. That role prevents our ability to manipulate (launch, start, stop, terminate) your engineering resources and we have no ability to access your EC2 instances, Fargate containers, or Lambda functions. As such, ProsperOps has no ability to impact application performance, availability, etc.
We're firm believers in the security principle of least privilege, so our permission set includes the minimum amount of access we need to run our analysis and nothing more.