The current AWS assertions require you to select the AWS Secret Access Key from a drop-down list of managed passwords. The AWS assertion also lacks an input field for Session Token. These two limitations prevents the assertion from being used with temporary security credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html), such as those obtained via AssumeRoleWithSAML (http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html). With temporary security credentials, the access key id, secret access key, and session token are ephemeral.
Our enhancement request is to have the AWS assertions support use of AWS temporary credentials by 1) allowing a context variable as the value for AWS Secret Access Key and 2) accepting Session Token (with context variable value) as an input parameter.