[Core][AWS] Allow specification of IAM roles for resources.

[JGSweets]

This PR updates the schema config to allow specification of IAM roles for resources based on the skypilot naming conventions.

Address: #3487

In ~/.sky/config.yaml:

• When setting for the controller and all other resources (default)

aws:
  remote_identity:
    sky-serve-controller-*: skypilot-v1-fake
    "*": skypilot-default-fake

• When setting for everything by specifying a default

aws:
  remote_identity:
    "*": skypilot-default-fake

• When setting for everything by specifying just the remote_identity via string

aws:
  remote_identity: skypilot-default-fake

• When first profile doesn't match it chooses the next in line if viable

aws:
  remote_identity:
    does-not-match: skypilot-default-fake
    "*": skypilot-default-fake

Tested (run the relevant ones):

• Code formatting: bash format.sh
• Any manual or new tests for this PR (please specify below)
  • tested running in all 4 configs in AWS
    • Nothing set
    • setting different controller and default values
    • setting default only
    • setting two profile names where the first one doesn't match to ensure it selects the viable candidate in order
• All smoke tests: pytest tests/test_smoke.py
• Relevant individual smoke tests: pytest tests/test_smoke.py::test_fill_in_the_name
• Backward compatibility tests: bash tests/backward_comaptibility_tests.sh

[JGSweets]

Due note the quotes required around * to meet yaml file specifications: "*".

e.g.

aws:
  remote_identity:
    "*": skypilot-default-fake

[Michaelvll]

Thanks for implementing this @JGSweets! The code looks good to me. Could you help add the new schema in our docs as well: https://skypilot.readthedocs.io/en/latest/reference/config.html

i.e., the following code path:

skypilot/docs/source/reference/config.rst

Line 134 in 2ff95bb

remote_identity: LOCAL_CREDENTIALS

[Michaelvll]

Would be nice to match cluster_name instead cluster_name_on_cloud as the former is user-facing and should be more intuitive to stay the same as the one specified in ~/.sky/config.yaml.

Suggested change

	if fnmatch.fnmatchcase(cluster_name_on_cloud, profile):
	if fnmatch.fnmatchcase(cluster_name, profile):

[JGSweets]

fixed!

[Michaelvll]

Seems we only added the support for AWS at the moment, we should limit this ability to aws cloud only, i.e. in L664, we can only apply this additional support for aws only.

[JGSweets]

Should be fixed

[JGSweets]

Not sure how we wanted to reference this specifically as an example. Open to suggestion here.

[JGSweets]

First attempt at how we represent multiple formats.

[Michaelvll]

Thanks for adding these! I reorganized the comments a little bit in the comment above, can we remove Format 1 and Format 2 here and use the comments above?

[Michaelvll]

Thanks for the quick fix @JGSweets! This PR should be good to go with the comments fixed. : )

[Michaelvll]

Thanks for adding these! I reorganized the comments a little bit in the comment above, can we remove Format 1 and Format 2 here and use the comments above?

[JGSweets]

@Michaelvll Fixed as suggested. Thanks for the improvements!