Add option to specify a custom STS endpoint

[ianroberts]

Describe the feature

Add an option to specify the STS endpoint URL explicitly, as an alternative to deriving it automatically from the AWS region.

Use Case

I want to be able to use GitHub tokens for federated authentication to a Minio storage server - this uses an S3-compatible API for storage operations, but also includes an STS-compatible endpoint providing the AssumeRoleWithWebIdentity action to generate access credentials for the S3-compatible API using a federated identity token. As far as I can see this would be possible using the configure-aws-credentials action if there were the option to specify an explicit endpoint parameter in place of (or as well as) the region in CredentialsClient.stsClient():

configure-aws-credentials/src/CredentialsClient.ts

Lines 33 to 37 in fff2104

	this._stsClient = new STSClient({
	region: this.region,
	customUserAgent: USER_AGENT,
	requestHandler: this.requestHandler ? this.requestHandler : undefined,
	});

Proposed Solution

• add a new input sts-endpoint to the action
• pass this through to the CredentialsClient constructor
• if an endpoint has been specified, forward this to the STSClient constructor. Otherwise behave as normal, letting STSClient build its own default endpoint from the region name.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

[tim-finnigan]

Thanks for the feature request, I'm not sure if we would consider this but would like to get more input from the community. Also I think this somewhat overlaps with #305.