Add Assumed Role ARN as a config option

[breecoffey-fetch]

Currently, the only implemented options for cross account AWS access are using an IAM User w access key and secret id. We want to avoid that for security reasons. We should be able to specify a role ARN in the connector config that the DynamoDb connector will use.

Proposed changes:
Create an optional field in the config that is a role ARN to pass to getCredentials. If that condition is met, return an STS assume role credentials provider instead of the default credentials provider.

[Gadam8]

Currently, the only implemented options for cross account AWS access are using an IAM User w access key and secret id. We want to avoid that for security reasons. We should be able to specify a role ARN in the connector config that the DynamoDb connector will use.

Proposed changes: Create an optional field in the config that is a role ARN to pass to getCredentials. If that condition is met, return an STS assume role credentials provider instead of the default credentials provider.

I am in a similar situation and would love to see this change added. We are currently using this source connector and the Confluent sink connector. The sink connector allows roles to be used, or the AWS credentials can be assumed using environment variables - https://docs.confluent.io/kafka-connect-aws-dynamodb/current/overview.html#using-trusted-account-credentials. This would be much more useful for us for security reasons and would really appreciate some movement on this PR. Cheers 👍

[bomwo]

Any progress on the pull request? I am in a similar situation and would love to see this change added.

[baganokodo2022]

I've tested this PR in AWS and proved it works. Please merge it to benefit others facing similar requirements.

[gfiehler]

What is the current state of this PR, is there any plan to merge this?