I did not add support for finding the credentials, here, as it's probably appropriate to only do these HTTP requests once and provide the credentials using the same mechanism(s) already used, vs. replicating the request to get the credentials multiple times.
This is a common technique. If you SSH into an instance you can see for yourself,
ROLE=$(curl --silent http://169.254.169.254/latest/meta-data/iam/security-credentials/) curl --silent http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE
I did not add support for finding the credentials, here, as it's probably appropriate to only do these HTTP requests once and provide the credentials using the same mechanism(s) already used, vs. replicating the request to get the credentials multiple times.