I’m trying to use AWS Fargate, the new managed ECS cluster service, to run some Docker images that have Datomic peers in them, configured to talk to an on-prem transactor in EC2. The wrinkle is that the IAM role exposed to task containers in Fargate (and probably in manage-your-own-EC2-cluster ECS too) is managed by AWS STS, which means that the IAM credentials have three pieces:
access_token (which contains expiry information, etc.).
Is there a way to provide this kind of credential to the DynamoDB client inside a Datomic peer? I would strongly prefer not to store a long-lived IAM user credential in my Docker task configuration, which is the only way I can think of to use a non-STS credential in ECS.