
Feature Request: add support for AWS IAM Roles for Service Account #400

Open
oridool opened this issue Jan 4, 2021 · 1 comment

oridool commented Jan 4, 2021

Hi,
I'd like the exporter to connect to a managed AWS Elasticsearch, and to assume an IAM Role rather than specify a username+password. I've configured the cluster to work with IAM roles rather than users.
If the pod is running in EKS, AWS credentials can be fetched using IAM Roles for Service Accounts (IRSA):
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

Is it possible to add such support to this project?

Thank you.

nimi-ummer commented Apr 24, 2024

@steveteuber For IRSA implementation with least privileges the use of aws.role-arn throws the below error:

    caller=roundtripper.go:61 msg="failed to retrive aws credentials" err="operation error STS: AssumeRole, https response error StatusCode: 403
AWS role:

    {
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Federated": "arn:aws:iam::<account>:oidc-provider/oidc.eks.<aws-region>.amazonaws.com/id/<id>"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        "<oidc>:sub": [
                            "system:serviceaccount:<namespace>:<serviceaccount>"
                        ],
                        "<oidc>:aud": "sts.amazonaws.com"
                    }
                }
            }
        ]
    }

policy:

    {
        "Statement": [
            {
                "Action": [
                    "es:ESHttpPut",
                    "es:ESHttpPost",
                    "es:ESHttpPatch",
                    "es:ESHttpHead",
                    "es:ESHttpGet",
                    "es:ESHttpDelete"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:es:<opensearch-domain>/*"
            }
        ]
    }
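The comment above pairs a trust policy that grants only `sts:AssumeRoleWithWebIdentity` to the cluster's OIDC provider with an error in which the client reports a 403 on `STS: AssumeRole`. Whether a given STS call is covered by a trust policy, and whether the `sub`/`aud` conditions match the pod's service account, can be checked offline. The Go program below is an added example, not code from the exporter project or from either commenter: it parses a trust policy in the shape shown above and lists the reasons a call would be refused for a given service-account subject and STS operation. The function name `CheckIRSATrust`, the account id, OIDC provider id, namespace and service-account name are all constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Trimmed model of an IAM policy document: only the fields the check reads.
type policyDoc struct {
	Statement []statement `json:"Statement"`
}

type statement struct {
	Effect    string                                `json:"Effect"`
	Action    json.RawMessage                       `json:"Action"`
	Principal map[string]json.RawMessage            `json:"Principal"`
	Condition map[string]map[string]json.RawMessage `json:"Condition"`
}

// asStrings accepts IAM's convention that a value may be a string or a list of strings.
func asStrings(raw json.RawMessage) []string {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	var many []string
	if json.Unmarshal(raw, &many) == nil {
		return many
	}
	return nil
}

func contains(list []string, want string) bool {
	for _, s := range list {
		if s == want {
			return true
		}
	}
	return false
}

// CheckIRSATrust explains why an STS call from a pod would be refused by a role's trust
// policy. oidcHost is the cluster's OIDC provider (host plus /id/<id>), sub is the pod's
// service-account subject, and stsOperation is what the client attempted: IRSA exchanges
// the projected token with "AssumeRoleWithWebIdentity"; the reported error names "AssumeRole".
// An empty slice means the policy allows that call for that subject.
func CheckIRSATrust(trustJSON []byte, oidcHost, sub, stsOperation string) ([]string, error) {
	var doc policyDoc
	if err := json.Unmarshal(trustJSON, &doc); err != nil {
		return nil, fmt.Errorf("trust policy is not valid JSON: %w", err)
	}
	wantAction := "sts:" + stsOperation
	var findings []string
	matched := false
	for _, st := range doc.Statement {
		if st.Effect != "Allow" || !contains(asStrings(st.Action), wantAction) {
			continue
		}
		matched = true
		trusted := false
		for _, p := range asStrings(st.Principal["Federated"]) {
			trusted = trusted || strings.HasSuffix(p, ":oidc-provider/"+oidcHost)
		}
		if !trusted {
			findings = append(findings, "Federated principal is not the OIDC provider "+oidcHost)
		}
		eq := st.Condition["StringEquals"] // lookups on a nil map simply yield no values
		if !contains(asStrings(eq[oidcHost+":sub"]), sub) {
			findings = append(findings, "condition "+oidcHost+":sub does not list "+sub)
		}
		if !contains(asStrings(eq[oidcHost+":aud"]), "sts.amazonaws.com") {
			findings = append(findings, "condition "+oidcHost+":aud is not sts.amazonaws.com")
		}
	}
	if !matched {
		findings = append(findings, "no Allow statement grants "+wantAction+
			"; a pod's OIDC token can only be exchanged via sts:AssumeRoleWithWebIdentity, "+
			"while sts:AssumeRole requires existing AWS credentials")
	}
	return findings, nil
}

// Constructed sample values: placeholder account, provider id, namespace and service account.
const (
	sampleOIDC        = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
	sampleSub         = "system:serviceaccount:monitoring:elasticsearch-exporter"
	sampleTrustPolicy = `{"Version": "2012-10-17", "Statement": [{
	  "Effect": "Allow",
	  "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/` + sampleOIDC + `"},
	  "Action": "sts:AssumeRoleWithWebIdentity",
	  "Condition": {"StringEquals": {
	    "` + sampleOIDC + `:sub": ["` + sampleSub + `"],
	    "` + sampleOIDC + `:aud": "sts.amazonaws.com"}}}]}`
)

func main() {
	for _, op := range []string{"AssumeRoleWithWebIdentity", "AssumeRole"} {
		findings, err := CheckIRSATrust([]byte(sampleTrustPolicy), sampleOIDC, sampleSub, op)
		fmt.Printf("sts:%s -> findings=%v err=%v\n", op, findings, err)
	}
}
```

Run as-is it reports no findings for `AssumeRoleWithWebIdentity` and one finding for `AssumeRole`. The same check with a subject from a different namespace shows why the `sub` condition is the part of the trust policy that actually enforces least privilege: the role is only usable by the one service account listed there.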