My web application needs to access a few AWS resources, and to do that, it requires AWS Credentials.
While the easiest solution would be to configure AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY secrets as environment variables, I would prefer not to use static credentials and instead generate temporary credentials on-demand.
This is something I have done with other platforms such as GitHub Actions and Terraform Cloud. You can create an AWS IAM Identity Provider in the AWS Console for the OIDC Identity Provider that your platform manages, and then your runtime can call the AWS STS AssumeRoleWithWebIdentity endpoint, passing along the JWT identity token provided by your platform.
Instructions for configuring GitHub Actions to use temporary AWS credentials can be found here:
https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/
I’d like to do something similar with Render, but the Render platform would need to make available an OIDC Identity Provider, as described here:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
Is this possible? If not, is this something on the roadmap for Render?
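The flow the question describes (an IAM OIDC identity provider, a role trust policy pinned to that provider, and an unsigned STS AssumeRoleWithWebIdentity call carrying the platform's JWT), as an added example that is not part of the original post or of any Render tooling. The issuer host, account id and role ARN are hypothetical placeholders; the STS request and response formats are the real ones.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

ISSUER = "oidc.example-platform.invalid"  # hypothetical issuer host (no scheme)
ACCOUNT = "123456789012"                   # constructed account id
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT}:oidc-provider/{ISSUER}"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/web-app-role"  # constructed role name
AUDIENCE = "sts.amazonaws.com"
STS_ENDPOINT = "https://sts.amazonaws.com/"


def trust_policy(subject: str) -> dict:
    """Trust policy for the IAM role. Pinning both aud and sub is what keeps
    every other workload on the same platform from assuming this role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{ISSUER}:aud": AUDIENCE,
                f"{ISSUER}:sub": subject,
            }},
        }],
    }


def sts_request(token: str, session_name: str, duration: int = 3600) -> dict:
    """Query parameters for AssumeRoleWithWebIdentity. The call needs no AWS
    credentials or SigV4 signature; the JWT itself is the proof of identity."""
    return {
        "Action": "AssumeRoleWithWebIdentity",
        "Version": "2011-06-15",
        "RoleArn": ROLE_ARN,
        "RoleSessionName": session_name,
        "WebIdentityToken": token,
        "DurationSeconds": str(duration),  # 900s up to the role's max session
    }


def parse_credentials(xml_body: str) -> dict:
    """Extract AccessKeyId/SecretAccessKey/SessionToken/Expiration from the STS XML."""
    ns = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}
    creds = ET.fromstring(xml_body).find(".//sts:Credentials", ns)
    return {child.tag.split("}")[1]: child.text for child in creds}


def assume_role(token: str, session_name: str) -> dict:
    """Perform the exchange over HTTPS (needs network; not exercised offline)."""
    body = urllib.parse.urlencode(sts_request(token, session_name)).encode()
    with urllib.request.urlopen(urllib.request.Request(STS_ENDPOINT, data=body)) as r:
        return parse_credentials(r.read().decode())
```

The returned credentials expire at `Expiration`, so the runtime should re-run the exchange before then rather than caching them indefinitely.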