About AWS auto-unseal account - which permissions are needed?

I have an EKS Kubernetes cluster and I would like to install Vault on it using the Helm chart.
According to the documentation, in order to auto-unseal Vault on AWS EKS, the credentials of an account must be defined as a secret.

The documentation doesn’t provide enough information about this account. What kind of IAM account is it? Which permissions are needed?

Also, is this secret created in the same namespace as the Vault installation?

Could you please advise?

Not actually.
I created an IAM account but it doesn’t have any permissions. Is this enough to accomplish auto-unseal, or should I assign some IAM permissions, policies, roles, etc. to this account?