There's a thousand ways to do it without SSH. It can be built into the app itself. It can be a special authenticated route to a suid script. It can be built into the current orchestration system. It can be pull-based using a queue for system monitoring commands. It can be part of the existing monitoring agent. It can be run through AWS SSM. There's really no reason it has to be SSH.
And even for SSH you can have special keys with access authorised to only specific commands, so a service account would be better than personal in that case.
Personal SSH access is always better (from a security standpoint) than bot tokens and keys.
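
As an added illustration of the command-restricted keys mentioned in the thread (not code from any of the commenters): a forced-command wrapper for a service-account key, using OpenSSH's `restrict` and `command=` options in `authorized_keys`. The script path, service name `myapp.service`, and the three action names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a service-account SSH key.
# Assumed authorized_keys entry (script path and key are placeholders):
#   restrict,command="/usr/local/bin/ops-dispatch" ssh-ed25519 AAAA...placeholder ops-bot
# sshd runs this script for that key no matter what the client asks for, and
# passes the client's requested command line in SSH_ORIGINAL_COMMAND.
# "restrict" also disables PTY allocation and port/agent/X11 forwarding.

# Map a requested string to one fixed command line (hypothetical service name).
# Exact match only: client text is never evaluated or used as an argument.
resolve_action() {
    case "$1" in
        status)      echo "systemctl is-active myapp.service" ;;
        disk)        echo "df -h /var/lib/myapp" ;;
        recent-logs) echo "journalctl -u myapp.service -n 100 --no-pager" ;;
        *)           return 1 ;;
    esac
}

# Unset means the client requested no command (or this file is being
# sourced for testing); in that case nothing runs and no shell is given.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    cmd=$(resolve_action "$SSH_ORIGINAL_COMMAND") || {
        echo "ops-dispatch: request not in allowlist" >&2
        exit 1
    }
    # Unquoted on purpose: this splits the fixed string from the table
    # above, which contains no client input and no glob characters.
    exec $cmd
fi
```

A request such as `status; id` does not match any table entry exactly, so it is rejected rather than partially executed.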