Add option to specify a custom STS endpoint

[ianroberts]

Describe the feature

Add an option to specify the STS endpoint URL explicitly, as an alternative to deriving it automatically from the AWS region.

Use Case

I want to be able to use GitHub tokens for federated authentication to a Minio storage server - this uses an S3-compatible API for storage operations, but also includes an STS-compatible endpoint providing the AssumeRoleWithWebIdentity action to generate access credentials for the S3-compatible API using a federated identity token. As far as I can see this would be possible using the configure-aws-credentials action if there were the option to specify an explicit endpoint parameter in place of (or as well as) the region in CredentialsClient.stsClient():

https://github.com/aws-actions/configure-aws-credentials/blob/fff2104678c2113fcefb9ae8294dc7ccb803e27c/src/CredentialsClient.ts#L33-L37

Proposed Solution

• add a new input sts-endpoint to the action
• pass this through to the CredentialsClient constructor
• if an endpoint has been specified, forward this to the STSClient constructor. Otherwise behave as normal, letting STSClient build its own default endpoint from the region name.

Other Information

No response

Acknowledgements

• [X] I may be able to implement this feature request
• [ ] This feature might incur a breaking change

[tim-finnigan]

Thanks for the feature request, I'm not sure if we would consider this but would like to get more input from the community. Also I think this somewhat overlaps with https://github.com/aws-actions/configure-aws-credentials/issues/305.