Disable region selection in list_roles and etc.

[Jiefei-Wang]

Please specify whether your issue is about:

• a possible bug
• a question about package functionality
• a suggested code or documentation change, improvement to the code, or feature request

Hi, thanks for the great package.

When I tried the list_roles function, my default region was "ap-southeast-1" and I immediately got this error

> list_roles()
$Code
[1] "SignatureDoesNotMatch"

$Message
[1] "Credential should be scoped to a valid region, not 'ap-southeast-1'. "
...

It turns out that the IAM does not require a region for it is a global setting. We can confirm it by going to the IAM setting on the web console, the region at the top right corner should show "global". The default region us-east-1 should be used in the HTTP request. A temporary workaround for me is to pass the region as an argument

> list_roles(region = "us-east-1")
[[1]]
RoleName:   /aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS 
...

I'm not sure how many functions will have the same issue but I guess list_roles is not the only one. It would be better to not follow the region setting returned by aws.signature::locate_credentials and just set it to "us-east-1". Then the user's default region will not mess up the IAM HTTP request.

Best,
Jiefei

[WY-CGhilardi]

This is also an issue for the get_caller_identity() function.

I happened to have AWS_DEFAULT_REGION set as an environment variable and was getting the same error message. hardcoding to get_caller_identity(region="us-east-1") fixed the issue. Unsetting the environment variable first and then calling with no parameters also worked.

#works
aws.iam::get_caller_identity(region="us-east-1")

#alternative option, also works
Sys.unsetenv("AWS_DEFAULT_REGION")
aws.iam::get_caller_identity()