Should be a way to use an IAM Role

[tmroberts-tableau]

Our cloud team will only create Roles in AWS rather than individual IAM users with keys. There should be a way to specify a Role OR user with keys.

[wawastein]

It all depends on boto3 authentication. I believe it's possible to do with this: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-api.html However, right now I don't have the infrastructure required to test the code, so if it's urgent I suggest you can look into this yourself. I might have possibility down the road, but cannot provide timeline.

[wonderphil]

IAM Role¶

If you are running on Amazon EC2 and no credentials have been found by any of the providers above, boto3 will try to load credentials from the instance metadata service. In order to take advantage of this feature, you must have specified an IAM role to use when you launched your EC2 instance. For more information on how to configure IAM roles on EC2 instances, see the IAM Roles for Amazon EC2 guide.

Note that if you've launched an EC2 instance with an IAM role configured, there's no explicit configuration you need to set in boto3 to use these credentials. Boto3 will automatically use IAM role credentials if it does not find credentials in any of the other places listed above.