@cwinters8
Contributor

If ssm_role_arn is provided, that role is assumed in the AWS config.

I have a need to use this provider, since it's one of the few that enables a tunnel via SSM directly. However, I also need to assume a role to connect to the bastion, so I thought I'd fork this and make the changes to enable that. FWIW, I've only tested the data source and not the ephemeral resource. Please let me know if you have any feedback. Thanks!

@arnaud-dfns
Member

arnaud-dfns commented Jun 11, 2025

Hi @cwinters8, thanks for your contribution! I tried locally and the assume role works but the role does not show up in output data:

data.tunnel_ssm.test: Reading...
data.tunnel_ssm.test: Read complete after 6s

Changes to Outputs:
  + tunnel2 = {
      + local_host   = "localhost"
      + local_port   = 58760
      + ssm_instance = "i-00xxxxxxx"
      + ssm_profile  = "aws-account/TestProfile"
      + ssm_region   = "us-east-1"
      + ssm_role_arn = ""
      + target_host  = "google.com"
      + target_port  = 443
    }

@arnaud-dfns arnaud-dfns merged commit c1a16f3 into dfns:main Jun 12, 2025
3 checks passed