Add role_arn to S3StorageConfig

Fixes #32

README.md

@@ -326,6 +326,7 @@ The `s3` storage has the following attributes:
 - `access_key` (optional): AWS access key. This can also be sourced from the `AWS_ACCESS_KEY_ID` environment variable, AWS shared credentials file, or AWS shared configuration file.
 - `secret_key` (optional): AWS secret key. This can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment variable, AWS shared credentials file, or AWS shared configuration file.
 - `profile` (optional): Name of AWS profile in AWS shared credentials file or AWS shared configuration file to use for credentials and/or configuration. This can also be sourced from the `AWS_PROFILE` environment variable.
+- `role_arn` (optional): Amazon Resource Name (ARN) of the IAM Role to assume.
 
 The following attributes are also available, but they are intended to use with `localstack` for testing.
 

history/storage_s3.go

@@ -35,6 +35,8 @@ type S3StorageConfig struct {
 	SecretKey string `hcl:"secret_key,optional"`
 	// Name of AWS profile in AWS shared credentials file.
 	Profile string `hcl:"profile,optional"`
+	// Amazon Resource Name (ARN) of the IAM Role to assume.
+	RoleARN string `hcl:"role_arn,optional"`
 	// Skip credentials validation via the STS API.
 	SkipCredentialsValidation bool `hcl:"skip_credentials_validation,optional"`
 	// Skip usage of EC2 Metadata API.
@@ -109,6 +111,7 @@ func NewS3Storage(config *S3StorageConfig, client S3Client) (*S3Storage, error)
 func newS3Client(config *S3StorageConfig) (S3Client, error) {
 	cfg := &awsbase.Config{
 		AccessKey:            config.AccessKey,
+		AssumeRoleARN:        config.RoleARN,
 		Profile:              config.Profile,
 		Region:               config.Region,
 		SecretKey:            config.SecretKey,