Add AWS credential provider support for Bedrock

[jscheid]

What this does

Allows passing Aws::CredentialProvider objects (instance profile, assume role, etc.) instead of static credentials. Provider takes precedence when both are configured. This is a solution to the problem of authenticating with e.g. role-based permissions, as discussed here.

Type of change

• Bug fix
• New feature
• Breaking change
• Documentation
• Performance improvement

Scope check

• I read the Contributing Guide
• This aligns with RubyLLM's focus on LLM communication
• This isn't application-specific logic that belongs in user code
• This benefits most users, not just my specific use case

Quality check

• I ran overcommit --install and all hooks pass
• I tested my changes thoroughly
  • For provider changes: Re-recorded VCR cassettes with bundle exec rake vcr:record[provider_name]
  • All tests pass: bundle exec rspec
• I updated documentation if needed
• I didn't modify auto-generated files manually (models.json, aliases.json)

API changes

• Breaking change
• New public methods/classes
• Changed method signatures
• No API changes

Related issues

Related to #16

[jscheid]

@tpaulshippy here's a PR as discussed, please let me know what you think?

[tpaulshippy]

Looks great! Much nicer than the approach I'm using.

[deivinsontejeda]

Great... Looking forward how this PR progress.

[juanviamonte]

We have big need for this now. Thank you !

[nickgalantowicz]

For apps running in aws this feature enables best practice for service to service auth. We shouldnt need to create new iam users and manage creds. Please prioritize this PR!

[tpaulshippy]

For apps running in aws this feature enables best practice for service to service auth. We shouldnt need to create new iam users and manage creds. Please prioritize this PR!

FYI - this is achievable now. See #16 (comment) - this PR just makes it easier.

[nickgalantowicz]

For apps running in aws this feature enables best practice for service to service auth. We shouldnt need to create new iam users and manage creds. Please prioritize this PR!

FYI - this is achievable now. See #16 (comment) - this PR just makes it easier.

Thank you 🙏

[jmangel]

For apps running in aws this feature enables best practice for service to service auth. We shouldnt need to create new iam users and manage creds. Please prioritize this PR!

FYI - this is achievable now. See #16 (comment) - this PR just makes it easier.

Is there any estimate on release of this feature? in the meantime, I'm looking into implementing the solution from the gist shared by @tpaulshippy (or the derived gist from a commenter in that thread, not sure which approach to prefer yet) to get Bedrock to work with my IAM policy setup in production