support for session token when creating an aws integration #184

Open
vjeffrey opened this issue Apr 26, 2019 · 0 comments
Labels
automate-ui, node integrations (This issue or pull request applies to work related to the node integrations), ui

User Story

In the Automate UI there are two different methods for adding an AWS integration:

  • using AWS access key id and secret
  • using the "read creds from env" option

We actually support a third method via API:

  • using AWS access key id, secret, and session token

This third method allows us to support the use of temporary credentials. Temporary credentials are generally regarded as best practice for AWS, and we've implemented restrictions internally to ensure we are only using temporary credentials.

The credentials created by temporary credentials also have another benefit: using creds that have an associated session token allows us to bypass the "invalid security token" error we've encountered when running the AWS CIS profile (#173).

But at the moment, there's no way to add an integration via the UI using the session token.
I believe supporting this functionality in the UI would be very beneficial, as we currently need to tell users to use the API to add AWS integrations if they require session token support.

Some notes about the session token:

  • it should only be used in conjunction with the AWS access key id and secret
  • it should be optional, to allow users to add an integration using AWS access key id and secret without including the session token
  • it will have an expiration (varies by AWS account setup) of anywhere between 1 and 24 hours

cc @jonong1972: we'll need some designs for this

Definition of Done

can add an AWS integration using access key id, secret, and session token via Automate UI
designs: TBD

@vjeffrey added the node integrations, automate-ui, and ui labels on Apr 26, 2019