kube2iam should discover AWS account ID

[tazjin]

If no base-role is set, kube2iam should probably discover the AWS account ID and use arn:aws:iam::${AWS_ACCOUNT_ID}:role/ as the default.

[jtblin]

I don't think this should be the default behaviour but maybe if a --discover-role flag is set, we could do that. I am not familiar with this default role, do you have some doc that you can point to?

[ajohnstone]

Can use the api call on sts to fetch this.

aws sts get-caller-identity
{
    "Account": "<ACCOUNT_ID>", 
    "UserId": "<USER_ID>", 
    "Arn": "arn:aws:iam::<ACCOUNT_ID>:user/<USERNAME>"
}

Would be awesome to add this.

[tazjin]

@jtblin That's just the default base ARN at which a role will be located if it's not explicitly put into any path.

[jtblin]

I don't think we'd want to set the default role automatically from a security standpoint, maybe we could do that with (yet) another flag e.g. --discover-default-role or something like that.

[jtblin]

Now released as 0.5.0. Thanks @jescarri for the contribution!