Allow specifying auth adapter per profile

[yastanotheruser]

I'm currently working on a project which requires accessing AWS resources in an external account, so I need to use assume different roles for different AWS requests, and I suppose there even exist use cases which require chaining more than two roles. Currently, ExAws only allows to specify an application wide auth adapter, but this doesn't address role chaining use cases where the source profile uses a web identity token and the other roles are assumed using the source profile credentials. I think :awscli_auth_adapter could be specified in :awscli_credentials to use a different adapter for a given profile.

I think this can be addressed either by passing the auth config to ExAws.Config.awscli_auth_adapter to extract the adapter, or by creating a new adapter. In any case, I think this should be supported OOTB by ExAws.

[yastanotheruser]

I tried using this custom adapter, but found there's another limitation in the current implementation.

defmodule CustomAuthAdapter do
  @behaviour ExAws.Config.AuthCache.AuthConfigAdapter

  @impl true
  def adapt_auth_config(config, profile, expiration) do
    adapter =
      config[:awscli_auth_adapter] ||
        Application.fetch_env!(:ex_aws, :default_awscli_auth_adapter)

    adapter.adapt_auth_config(config, profile, expiration)
  end
end

Let's say my default profile gets its credentials using web identity, and I want to access an external resource using profile B which assumes a role using the default profile credentials. If I first perform a request using profile B, at some point we ask the AuthCache GenServer for its credentials, performing an STS call inside the GenServer using the default profile, but since we still need to retrieve credentials for this profile, the AuthCache ends up calling itself. Therefore we also need to invoke the adapters asynchronously in the AuthCache to prevent this from happening.