Effectively, all the option needs to do, is send the credentials to stdout as a json blob of the form:
{
"Version": 1,
"AccessKeyId": "an AWS access key",
"SecretAccessKey": "your AWS secret access key",
"SessionToken": "the AWS session token for temporary credentials",
"Expiration": "ISO8601 timestamp when the credentials expire"
}
The
credential_processargument of an aws config profile allows sourcing credentials from an external process. It also natively supports refreshing those credentials. See also:Effectively, all the option needs to do, is send the credentials to stdout as a json blob of the form: