Support STS assumed role

IAM Users are ok 95% of the time, but for EKS access it must map to specific IAM Users, not dynamic usernames. So therefore the temp credentials from Vault needs to be added via further automation after Vault provisions the temp User.

To work around this, EKS supports access via IAM Role. So dynamic users can sts:AssumeRole into this static Role.

Vault supports this: https://developer.hashicorp.com/vault/docs/secrets/aws#sts-assumerole

The command to get the STS creds is: vault write <AWS_MOUNT>/sts/<IAM_ROLE>

The output is:

$ vault write aws-<censored>/sts/eks ttl=60m
Key                Value
---                -----
lease_id           aws-<censored>/sts/eks/MNA6pFNrOdZymYnbTLH0grgV
lease_duration     59m59s
lease_renewable    false
access_key         <AWS_ACCESS_KEY_ID>
arn                <SOME_AWS_ARN>
secret_key         <AWS_SECRET_ACCESS_KEY>
security_token     <AWS_SESSION_TOKEN>
ttl                59m59s

It would be great if this script can be adapted to also handle sts:AssumeRole mode of operation.