Open mpkut opened 1 year ago
Nice! This seems great. Will try to get your PR reviewed soon. Thanks so much
Thank you! Please let me know if there is anything I can do to assist with the review process.
I can report that since I submitted this PR, we have successfully used the inventory plugin with AWS SSO based CLI sessions. Again, please let me know if there is anything I can do to assist with the review.
Use Case
We would like to have the ability to use an external credentials process to authenticate with AWS.
The specific use case we encountered was that of an initially unprivileged user assuming a privileged role that requires MFA authentication. By using the AWS CLI's aws configure export-credentials feature, it is possible to delegate the MFA authentication to the CLI, and then reuse the CLI's cached session token.
This feature would mostly be helpful for interactive CLI users of Bolt, but the general purpose nature of the external mechanism might apply to other cases as well.
Describe the Solution You Would Like
A new parameter causes the inventory plugin to run an external process credentials command and use the resulting session token for accessing the AWS API.
Describe Alternatives You've Considered
Attempts to use a static credentials file with the credential_process setting resulted in uninitialized class variable errors. Attempts to generate a static credentials file containing a session token obtained from aws configure export-credentials also failed.
After these failures it seemed worth seeing if the desired behavior of using aws configure export-credentials (particularly the CLI session cache) could be added directly to the inventory plugin. Adding an alternative credential_process parameter that uses the underlying AWS SDK function proved to work in our environment. The result is submitted in PR #23.
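The JSON that a credential_process helper such as aws configure export-credentials --format process writes to stdout can be validated before its session token is handed to an API client. The following is an added example, not code from PR #23 or from the inventory plugin; the function names and the sample values are constructed for illustration.

```ruby
require 'json'
require 'open3'
require 'time'

# Fields the credential_process JSON contract requires (Version must be 1).
REQUIRED_KEYS = %w[AccessKeyId SecretAccessKey].freeze

# Parse and validate credential_process output. Raises on anything that
# should not reach an API client; error messages never echo secret values.
def parse_process_credentials(json_text, now: Time.now)
  doc = JSON.parse(json_text)
  raise ArgumentError, 'expected a JSON object' unless doc.is_a?(Hash)
  raise ArgumentError, "unsupported Version #{doc['Version'].inspect}" unless doc['Version'] == 1

  missing = REQUIRED_KEYS.reject { |k| doc[k].is_a?(String) && !doc[k].empty? }
  raise ArgumentError, "missing fields: #{missing.join(', ')}" unless missing.empty?

  expires = doc['Expiration'] && Time.iso8601(doc['Expiration'])
  raise ArgumentError, 'credentials already expired' if expires && expires <= now

  { access_key_id: doc['AccessKeyId'],
    secret_access_key: doc['SecretAccessKey'],
    session_token: doc['SessionToken'], # set for temporary (MFA/SSO role) sessions
    expiration: expires }
end

# Run the helper from separate argv words (two or more) so no shell parses
# the command. capture2 reads stdout only; stderr stays on the terminal.
def run_credential_process(argv, now: Time.now)
  stdout, status = Open3.capture2(*argv)
  raise "credential process exited with #{status.exitstatus}" unless status.success?

  parse_process_credentials(stdout, now: now)
end

# Constructed sample output (not real credentials).
SAMPLE = <<~JSON
  {"Version": 1, "AccessKeyId": "ASIAEXAMPLEKEYID0000",
   "SecretAccessKey": "constructed-secret", "SessionToken": "constructed-token",
   "Expiration": "2030-01-01T00:00:00Z"}
JSON

if __FILE__ == $PROGRAM_NAME
  creds = parse_process_credentials(SAMPLE, now: Time.utc(2029, 1, 1))
  puts "session token present: #{!creds[:session_token].nil?}, expires #{creds[:expiration]}"
  # Real use (assumes AWS CLI v2 with a logged-in profile):
  # run_credential_process(%w[aws configure export-credentials --format process])
end
```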