Operator can use stored credentials for AWS

[lisakaser]

5 story points

acceptance criteria: As operator I can run the tool and it will retrieve the valid AWS credentials from vault and publish CNM message to Kinesis stream. App will have to message that credentials were retrieved successfully and cnm messages are posted. Appropriate error messages if there are no credentials or not valid credentials.

Something similar was done on CMR mediator that could be reused here - Mike Laxer could help

VM is requested on long term; Short term we will not create VM but treat credentials similar to the VM will do in the future (credential tarball can be moved to VM once we get there)

Vault to be used as credential source

[juliacollins]

A few notes from the CMR mediator arena:

• The application currently uses the puppet-nsidc-vault-client puppet module to interact with the NSIDC Vault instance when provisioning a VM.
• During the provisioning process, passwords are retrieved from Vault and stored in a credentials.rb file on the new VM.
• cmr-mediator also requires a Launchpad certificate for CMR write purposes. We shouldn't need to worry about this unless Launchpad authentication is somehow involved in staging files to Cumulus.
• Note that some experimental "vault-in-docker" work is happening (see the vault-in-docker project on Bitbucket).
• The current vagrant-nsidc credentials tarball includes a Vault key pair, presumably to allow access to the Vault API. Apparently vagrant-nsidc v13.1.0 (future) will no longer use the credentials tarball, but instead pull information directly from Vault. Mike L. will need to provide more background on how this magical Vault access is implemented.