Is it possible to do delegated management

Consider this situation: The customer consented with me to provide his secrets to me for managing/delegating some operations, e.g generate tokens on behalf of the user directly from me, a “trusted” middleman.

Now I don’t know if this is possible to do it with Vault as I see that secret engines maybe the something I needed? So I can enable multiple secret engines under different paths with different secrets right, i.e. I can have two AWS secret engines called A, B where A uses secret key “AAAA” and B uses secret key “BBBB” right?

Yes, you can, using the -path argument:

By default, the secrets engine will mount at the name of the engine. To enable the secrets engine at a different path, use the -path argument.