auth: support `endpoint_url` + `ca_bundle` credentials configuration

[justinmk3]

Discussed in #3960

^{Originally posted by asant-leitha October 26, 2023}
In order to access my corporate aws instance I need to set a custom root otherwise I get 403 Unauthorized. How to do that using the config file or the vscode toolkit plugin?

Problem

Toolkit doesn't support this kind of credentials config:

[default]
endpoint_url = https://url.it:port
aws_access_key_id = XXXXXXXXXX
aws_secret_access_key = xxxxxxxx/xxxxxxx
ca_bundle = "path/to/file.pem"

• ca_bundle is docmented at https://awscli.amazonaws.com/v2/documentation/api/latest/topic/config-vars.html
• endpoint_url is documented at https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-endpoints.html

Notes

This related discussion for aws java sdk mentions that ca_bundle is not supported by the sdk:

• Unable to add cert through HTTP Request aws-sdk-java-v2#3974

Expected behavior

• Toolkit supports endpoint_url and ca_bundle fields in the credentials config.
• Supporting endpoint_url is essentially a variation of custom endpoints / Localstack #2007
  • But based on an offline conversation, aws-sdk-js-v3 already supports endpoint_url for static credentials. References:
    • https://docs.aws.amazon.com/sdkref/latest/guide/feature-ss-endpoints.html
    • https://github.com/awslabs/smithy-typescript/blob/93274e37a28e508e5137493ffdf7aa63b0c8daed/packages/middleware-endpoint/src/adaptors/getEndpointUrlConfig.ts
• Support ca_bundle likely requires us to dynamically configure nodejs (e.g. via NODE_EXTRA_CA_CERTS, see also #2970) and/or configure the sdk client.