Assume Role with Web Identity for Amazon integrations

[pfrydids]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

When filing a bug, please include the following headings if possible. Any
example text in this template can be deleted.

Overview of the Issue

I'd like the the Packer Amazon integration to support 'Assume Role with Web Identity' as an authentication method just like the Terraform AWS Provider

https://registry.terraform.io/providers/hashicorp/aws/latest/docs#assuming-an-iam-role-using-a-web-identity

so that I can leverage

https://support.atlassian.com/bitbucket-cloud/docs/deploy-on-aws-using-bitbucket-pipelines-openid-connect/

I don't think this is currently supported.

Packer version

1.8.5

[petenorth]

This should have been a feature request rather than a bug.

I think I see how to do it using what is outlined here

https://jameswoolfenden.github.io/learn-packer/packer-aws-ami.2/

but using aws sts assume-role-with-web-identity ... rather than aws sts assume-role ...

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role-with-web-identity.html

but it still would be a nice feature to let packer do all of the assuming of the role and the extracting of the access token/secret, as the intial description says just like the Terraform AWS Provider