support for role based S3 authentication options for both EC2 VMs and in EKS pods

[zoltan]

currently one must supply the AWS credentials, however, in systems running on AWS, those are actually not readily available as environment variables, because the EC2 VM or EKS pod uses IAM roles to get permissions.

the AWS SDK handles this, however, the current KvikIO code does not.

a workaround for EKS pods is to use:

TOKEN=$(cat $AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE)
export CREDS=$(curl $AWS_CONTAINER_CREDENTIALS_FULL_URI --header "Authorization: $TOKEN")
ACCESS_KEY_ID=$(echo $CREDS | jq -r '.AccessKeyId')
SECRET_ACCESS_KEY=$(echo $CREDS | jq -r '.SecretAccessKey')
SESSION_TOKEN=$(echo $CREDS | jq -r '.Token')

(original is at hashicorp/terraform-provider-aws#41473)

but would be great if this could be natively supported, along with EC2 IAM role based authorization.

[GregoryKimball]

Seems like we would need to compute and add an Authorization Header (AWS Signature Version 4)
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html

Update: we could introduce a pattern to obtain the credentials from the container.

Thanks @zoltan for raising this. It's not something we can pick up immediately, but I'm grateful to have this request documented.