This documentation describes the vault role required to use AWS IAM as an auth method:
I’m unsure how to convert this line into HCL though:
"Resource": "arn:aws:iam::*:user/${aws:username}"
What is the HCL equivalent for ${aws:username}?
The answer is to escape the $ with $$