use case: we already have a read-only role created with infrastructure as code