Add AWS session token support for OIDC authentication

Export and configure AWS_SESSION_TOKEN in login.yml to support
OIDC-based credentials which return temporary session tokens.
Conditional guards ensure backward compatibility with static keys.
Also remove step name to avoid duplicate name errors when login
is called multiple times in a pipeline.

Author: liyu-ma

steps/cloud/aws/login.yml

@@ -15,6 +15,9 @@ steps:
       inlineScript: |
         echo "##vso[task.setvariable variable=AWS_ACCESS_KEY_ID;issecret=true]$AWS_ACCESS_KEY_ID"
         echo "##vso[task.setvariable variable=AWS_SECRET_ACCESS_KEY;issecret=true]$AWS_SECRET_ACCESS_KEY"
+        if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
+          echo "##vso[task.setvariable variable=AWS_SESSION_TOKEN;issecret=true]$AWS_SESSION_TOKEN"
+        fi
     displayName: 'Get login credentials'
 
 - bash: |
@@ -23,12 +26,15 @@ steps:
 
     aws configure set aws_access_key_id "$AWS_ACCESS_KEY"
     aws configure set aws_secret_access_key "$AWS_SECRET_KEY"
+    if [ -n "${AWS_SESSION:-}" ]; then
+      aws configure set aws_session_token "$AWS_SESSION"
+    fi
     aws configure set default.region "$REGION"
     aws configure list
     echo "##vso[task.setvariable variable=AWS_DEFAULT_REGION]$REGION"
   displayName: "AWS Login"
-  name: aws_login
   env:
     AWS_ACCESS_KEY: $(AWS_ACCESS_KEY_ID)
     AWS_SECRET_KEY: $(AWS_SECRET_ACCESS_KEY)
+    AWS_SESSION: $(AWS_SESSION_TOKEN)
     REGION: ${{ parameters.region }}