I understand that security plays a big role when dealing with sensitive information such as your cloud infrastructure. I take all precautions to make this web application as secure as possible using HTTPS - headers for XSS protection and XSRF-TOKEN tokens. Still I need a valid amazon token to access the AWS EC2 API. This token is only stored in localstorage in your browser so you wont have to constantly re-enter it. It's never stored on the server!
Its your responsibility to create a new amazon user which has read-only access for EC2 only and exclusive use it for this application so you can disable it once not longer needed. Please refer to the Help section on how to do this.