I am trying to use Boundary to discover hosts in our AWS organization. We rely exclusively on the use of roles and short-lived tokens and have service control policies configured that prevent the creation of IAM credentials, as it's considered an anti-pattern.
I was disappointed to see that the dynamic discovery plugin for AWS requires a hard-coded Access Key ID and Access Key Secret.
I found this issue raised on the repository, "Plugin should use AWS SDK Credential Resolution Order" (Issue #12, hashicorp/boundary-plugin-host-aws on GitHub), but it doesn't seem to have gained much traction. In theory this fix should be very easy, as by simply removing them the AWS SDK will use its default credential chain.
Is there any other workaround that would enable the use of this plugin without hard-coding these credentials?