NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
11.49k stars 1.44k forks

Support AWS S3 SSO credentials when specifying profile in binary cache URL #5525

Open cpcloud opened 2 years ago

cpcloud commented 2 years ago

Is your feature request related to a problem? Please describe.

When specifying the `profile=my-profile` parameter in an S3 binary cache URL, SSO credentials are ignored. A profile's existence doesn't necessarily imply auth using `~/.aws/credentials`, yet it is treated that way by nix.

This appears to be because the code here will use ProfileConfigFileAWSCredentialsProvider when the profile parameter is provided. Unfortunately that class appears to force looking for credentials in ~/.aws/credentials.

SSO works when a profile using it is named default, since that'll hit the default credentials provider chain.

Describe the solution you'd like

I'd like the profile parameter to take effect regardless of credentials provider method.

Describe alternatives you've considered

One alternative I see is to name anything that must use SSO default, which is undesirable because I have multiple profiles that auth this way.

The other is to set AWS_PROFILE, which appears to work.

Additional context

arianvp commented 4 weeks ago

The workaround is to set the AWS_PROFILE environment variable on nix-daemon. This profile-selection code should be ripped out and we should just use the default AWS SDK credential chain, in my opinion.

arianvp commented 4 weeks ago

Note that the whole AWS credential stuff is generally a bit of a pain in the butt, because both your current user and the root user need to have access to the credentials; for example, substitution is done by the nix-daemon.
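The provider selection described in the issue, the AWS_PROFILE workaround, and the user-versus-root point from the last comment can be checked against a small model. The block below is an added example written for this page; it is not Nix's or the AWS C++ SDK's own code. It models the behaviour as the thread reports it: a `?profile=` parameter on the cache URL routes to a provider that only consults the credentials file, while no parameter falls through to a simplified default chain (AWS_PROFILE, then static keys, then an SSO section in the config file). The real SDK chain has more steps (environment keys, instance metadata, and so on); those are left out. The profile names, sample files and the `Resolution` type are constructed for the example.

```python
"""
Model of how an S3 binary-cache URL's ?profile= parameter resolves to AWS
credentials, as reported in nix#5525. Added example, not project code; the
provider behaviour is simplified to what the thread describes.
"""
import configparser
from dataclasses import dataclass
from typing import Optional

# Constructed sample files standing in for ~/.aws/credentials and ~/.aws/config.
# "sso-profile" exists only in the config file, with no static keys anywhere.
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLEDEFAULT
aws_secret_access_key = secret-default

[static-profile]
aws_access_key_id = AKIAEXAMPLESTATIC
aws_secret_access_key = secret-static
"""

SAMPLE_CONFIG = """
[default]
region = us-east-1

[profile static-profile]
region = eu-west-1

[profile sso-profile]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = CacheReader
region = eu-west-1
"""


@dataclass
class Resolution:
    profile: str
    source: Optional[str]  # "credentials-file", "sso", or None when nothing matched


def _parse(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def _config_section(cfg: configparser.ConfigParser, profile: str):
    # ~/.aws/config names non-default profiles as "[profile name]".
    name = "default" if profile == "default" else f"profile {profile}"
    return cfg[name] if cfg.has_section(name) else None


def resolve_profile_file_only(profile: str, credentials_text: str) -> Resolution:
    """Provider used for ?profile=: consults only the credentials file (static keys)."""
    creds = _parse(credentials_text)
    if creds.has_section(profile) and creds.has_option(profile, "aws_access_key_id"):
        return Resolution(profile, "credentials-file")
    return Resolution(profile, None)


def resolve_default_chain(env: dict, credentials_text: str, config_text: str) -> Resolution:
    """Simplified default chain: AWS_PROFILE (else 'default'), static keys, then SSO config."""
    profile = env.get("AWS_PROFILE", "default")
    hit = resolve_profile_file_only(profile, credentials_text)
    if hit.source:
        return hit
    section = _config_section(_parse(config_text), profile)
    if section is not None and "sso_start_url" in section:
        return Resolution(profile, "sso")
    return Resolution(profile, None)


def resolve_for_cache_url(url_profile: Optional[str], env: dict,
                          credentials_text: str, config_text: str) -> Resolution:
    """Selection as reported in the issue: a URL profile bypasses the default chain."""
    if url_profile is not None:
        return resolve_profile_file_only(url_profile, credentials_text)
    return resolve_default_chain(env, credentials_text, config_text)


if __name__ == "__main__":
    # s3://cache?profile=sso-profile: the SSO profile is never consulted.
    print(resolve_for_cache_url("sso-profile", {}, SAMPLE_CREDENTIALS, SAMPLE_CONFIG))
    # Workaround: AWS_PROFILE on the daemon, no profile in the URL.
    print(resolve_for_cache_url(None, {"AWS_PROFILE": "sso-profile"}, SAMPLE_CREDENTIALS, SAMPLE_CONFIG))
    # The daemon runs as root: if root's home has no AWS files, even the workaround finds nothing.
    print(resolve_for_cache_url(None, {"AWS_PROFILE": "sso-profile"}, "", ""))
```

The last call is the point of the closing comment: the substituter runs inside nix-daemon, so the environment variable and the `~/.aws` files both have to be visible to the daemon's user, not just to the user who typed `nix build`.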