Comment 4 for bug 2052410

The attempt to get SECRET_KEY and ACCESS_KEY was using:

ROLE_NAME=XXXX
METADATA_URL="http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE_NAME"
AWS_ACCESS_KEY_ID=$(curl -s $METADATA_URL | jq -r .AccessKeyId)
AWS_SECRET_KEY_ID=$(curl -s $METADATA_URL | jq -r .SecretAccessKey)
AWS_SESSION_TOKEN=$(curl -s $METADATA_URL | jq -r .Token)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
mkdir -p ~/.local/share
juju bootstrap aws

I don't think juju pays attention to AWS_SESSION_TOKEN without --constraints "instance-role=XXXX" being set (either to 'auto' or to an explicit name)