Fetch tessera secrets from AWS KMS using IAM roles

[techiegk]

To enable tessera to use AWS Secrets Manager, we need to configure 3 environment variables namely - AWS_REGION, AWS_SECRET_ACCESS_KEY& AWS_ACCESS_KEY_ID. But if an organisation has restricted to get only AWS_REGION & AWS_ACCESS_KEY_ID from AWS environment. Instead of AWS_SECRET_ACCESS_KEY, we have IAM role. Hope this would be best practice too for security reasons.
Now, the question is how to use IAM role instead of AWS_SECRET_ACCESS_KEY to enable tessera to use AWS Secrets Manager?

https://docs.tessera.consensys.net/en/stable/HowTo/Configure/KeyVault/AWS-Secrets-Manager/

[macfarla]

@Krish1979 do you have ideas on this one?

[macfarla]

Suggestion from devops - @techiegk are you able to see if the below suggestion works for you?

It is possible that if the environment variables are not configured and instance role attached to the EC2 instance has correct permissions, AWS api library will do the work to make use of the instance role.
Someone would need to test this and confirm to be sure. Update in documentation would also be nice I believe.