abhilash1in / aws-secrets-manager-action

Use secrets from AWS Secrets Manager as environment variables in your GitHub Actions workflow
MIT License

When utilizing private GitHub Actions Runners, read IAM access from instance #5

Closed jcam closed 4 years ago

jcam commented 4 years ago

When using a private GitHub Actions Runner, it would be very useful to allow parsing the IAM access credentials from the instance profile, utilizing the workflow attributes as overrides.

abhilash1in commented 4 years ago

From AWS documentation:

For applications, AWS CLI, and Tools for Windows PowerShell commands that run on the instance, you do not have to explicitly get the temporary security credentials—the AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 instance metadata service and use them.

I think simply omitting accessKeyId and secretAccessKey if Inputs.AWS_ACCESS_KEY_ID and Inputs.AWS_SECRET_ACCESS_KEY are not passed should do the trick.

https://github.com/action-factory/aws-secrets-manager-action/blob/98c59d606cdcc7986382e9d3b6e7be50db9fba25/src/index.ts#L11-L15

I can work on this but I have no way to test it since I don't have a self-hosted EC2 based GitHub Actions Runner (yet).

@jcam will you be able to alpha-test the fix once I'm done?
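The approach suggested in the comment above, as an added example (not the action's own code): build the client options so that static keys are present only when both inputs are supplied, leaving the AWS SDK's default credential lookup to pick up the instance profile otherwise. `ActionInputs`, `ClientConfig`, `buildClientConfig`, `credentialSource` and the `region` field are hypothetical names, and it assumes unset inputs arrive as empty strings, as `core.getInput` from `@actions/core` returns them.

```typescript
// Added illustration; all names here are hypothetical, not taken from the action's source.
interface ActionInputs {
  accessKeyId: string;     // '' when the workflow does not pass AWS_ACCESS_KEY_ID
  secretAccessKey: string; // '' when the workflow does not pass AWS_SECRET_ACCESS_KEY
  region: string;          // assumed input, not mentioned in the thread
}

interface ClientConfig {
  region: string;
  accessKeyId?: string;
  secretAccessKey?: string;
}

type CredentialSource = 'workflow-inputs' | 'sdk-default-chain';

function buildClientConfig(inputs: ActionInputs): ClientConfig {
  const keyId = inputs.accessKeyId.trim();
  const secret = inputs.secretAccessKey.trim();

  // Half a key pair is a misconfiguration. Fail loudly rather than silently
  // falling back to whatever role the runner instance happens to carry.
  if ((keyId === '') !== (secret === '')) {
    throw new Error('Set both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or neither');
  }

  const config: ClientConfig = { region: inputs.region };
  if (keyId !== '') {
    // Explicit workflow inputs act as the override.
    config.accessKeyId = keyId;
    config.secretAccessKey = secret;
  }
  // With no keys in the config, the SDK resolves credentials itself
  // (on EC2, from the instance metadata service).
  return config;
}

// Log-safe summary: reports where credentials come from, never the key material.
function credentialSource(config: ClientConfig): CredentialSource {
  return 'accessKeyId' in config ? 'workflow-inputs' : 'sdk-default-chain';
}
```

On a self-hosted runner this keeps long-lived access keys out of repository secrets entirely: the instance profile's temporary credentials are used unless a workflow deliberately overrides them.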

jcam commented 4 years ago

First I have to see it read a secret... will see when I get a working setup

jcam commented 4 years ago

I've discovered that this works without modification!