Allow the use of encrypted data bags for looking up AWS credentials

[rayrod2030]

It would be great to have the option of using an encrypted data bag to store AWS credentials used for accessing the AWS billing and ice work buckets via S3.

[dhawal55]

Even better would be to leverage IAM role for AWS API calls. I'm not sure if this is supported currently.

[et304383]

This could be solved by using a wrapper cookbook that pulls your credentials out of your data bag and sets the appropriate ice attribute files.

That being said, you should be using IAM roles unless you're forced to run this on premise rather than in AWS. By simply leaving the attributes for the access credentials blank you should get this behaviour.