Let boto3 source credentials

[abatilo]

At the moment, to use the AWS provider, you must pass in an access key ID and a secret access key. Most matured organizations will not give you an IAM user for security reasons and instead you get AWS credentials through an IAM role assumption that also returns a session token.

boto3 has the built in ability to check all sources of standard configuration, but minimally, dnsReaper should also support role assumption.

It would be nice if you left boto3 to do the credential sourcing itself so that other forms of authentication would be supported, like OIDC role assumption.

[SimonGurney]

Thats a great feature and makes a lot of sense, particularly around aws SSO.

Our current provider loading mechanism doesn't support optional args so we need to think how we implement this beyond just the boto3 auto assumption itself.

I'll try and make the params optional so we can add some alternative logic if they are absent

[SimonGurney]

@imnotbrandon could you try adding a second aws provider (maybe temporarily) that attempts to auto configure. Something like aws-assumed-credential maybe?

Medium term we should look to see how we can support optional parameters but it would be good to see if we can run this in ecs or on ec2 with automatic credentials...

[imnotbrandon]

Hey @abatilo This is a brilliant suggestion, I've done the work for it and it's available in the feature/aws-auto branch (pr here: https://github.com/punk-security/dnsReaper/pull/87).

Do you mind checking the branch out and giving it a go? It's working great on my end.

[abatilo]

Hey @imnotbrandon, sorry that I missed this but the change looks great!