opendatacube / datacube-k8s-eks

Deploy a production scale datacube cluster on AWS using EKS
Apache License 2.0

Make cf aws provider a proxy #248

Closed woodcockr closed 3 years ago

woodcockr commented 3 years ago

Why this change is needed

The odc_eks/cloud_front_distribution.tf currently declares an aws provider for region us-east-1, as this is required for CloudFront. Unfortunately, the explicitly declared module provider means you can't specify AWS credentials for the provider to use from the caller.

The correct approach is to use a Module Provider Alias in the module and then have the caller provide the AWS Provider like this:

provider "aws" {
  region = "us-east-1"
  alias  = "use1"
  max_retries = 10
  access_key = data.vault_aws_access_credentials.creds.access_key
  secret_key = data.vault_aws_access_credentials.creds.secret_key
}

module "odc_eks" {
  source = "github.com/opendatacube/datacube-k8s-eks//odc_eks?ref=make-cf-aws-provider-a-proxy"
  providers = {
    aws.us-east-1 = aws.use1
  }
  # Cluster config
  region          = local.region
  owner           = local.owner
  namespace       = local.namespace
  environment     = local.environment
  cluster_version = 1.17

  admin_access_CIDRs = {
    "Everywhere" = "0.0.0.0/0"
  }
  # (remaining module arguments omitted)
}

Details can be found at https://www.terraform.io/docs/configuration/modules.html#providers-within-modules

Negative effects of this change

Will making this change break or change an existing functionality? flag it here

Yes, callers will need to declare a us-east-1 aws Provider and pass it in via the providers block in the module call.
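
The module side of the pattern described above, as an added example that is not part of the original comment or the project's own code. The alias name aws.us-east-1 is taken from the caller's providers map; the "before" block is reconstructed from the description, and the ACM certificate resource and the cloudfront_domain variable are hypothetical stand-ins for whatever the module creates in us-east-1.

```hcl
# Before (reconstructed from the description): the module configures the
# provider itself, so the caller has no way to inject credentials, an
# assumed role, or retry settings into it.
#
# provider "aws" {
#   alias  = "us-east-1"
#   region = "us-east-1"
# }

# After: a proxy configuration block. It carries only the alias, which
# declares that the caller must pass a fully configured provider under
# this name via the module's `providers` argument.
provider "aws" {
  alias = "us-east-1"
}

# On Terraform 0.15 and later the same contract is declared with
# configuration_aliases, and the proxy block above is dropped:
#
# terraform {
#   required_providers {
#     aws = {
#       source                = "hashicorp/aws"
#       configuration_aliases = [aws.us-east-1]
#     }
#   }
# }

# Hypothetical input, used only by this example.
variable "cloudfront_domain" {
  type = string
}

# Hypothetical resource: anything CloudFront needs in us-east-1 selects
# the passed-in provider explicitly. Resources without a `provider`
# argument keep using the caller's default aws provider and region.
resource "aws_acm_certificate" "cloudfront" {
  provider          = aws.us-east-1
  domain_name       = var.cloudfront_domain
  validation_method = "DNS"
}
```

With this layout the credentials live only in the caller's provider block, so the Vault-issued keys from the example above apply to the us-east-1 resources as well as to the rest of the module.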