AWS CLI EC2 instance roleを使っているときに、assume role する方法

問題

AWS CLIは https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-roles.html で簡単にassume role で引き受けたroleが使用できるが、元の権限が EC2 instance role を使っているとこのページの通りだと The source_profile "default" must specify either static credentials or an assume role configuration と言われてしまい動作しない

./aws/config

[profile test]
role_arn = arn:aws:iam::xxxxxxxx:role/TestRole
source_profile = default

[default]
output = json
region = ap-northeast-1

-> % aws --profile test  ec2 describe-instances

The source_profile "default" must specify either static credentials or an assume role configuration

解決方法

https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles にある

credential_source = Ec2InstanceMetadata を指定すれば、できるようになる

./aws/config

[profile test]
role_arn = arn:aws:iam::xxxxxxxx:role/TestRole
credential_source = Ec2InstanceMetadata
region = ap-northeast-1

[default]
output = json
region = ap-northeast-1

-> % aws --profile test  ec2 describe-instances | head -8
{
    "Reservations": [
        {
            "Instances": [
                {
                    "Monitoring": {
                        "State": "disabled"
                    },