fixed iamrole from sessionToken to securityToken (#988)

* fixed iamrole from sessionToken to securityToken

* wip

* support get aws credential from instance profile

lib/tasks/stt-task.js

@@ -219,7 +219,8 @@ class SttTask extends Task {
           roleArn
         });
       this.logger.debug({roleArn}, `(roleArn) got aws access token ${servedFromCache ? 'from cache' : ''}`);
-      credentials = {...credentials, accessKeyId, secretAccessKey, sessionToken};
+      // from role ARN, we will get SessionToken, but feature server use it as securityToken.
+      credentials = {...credentials, accessKeyId, secretAccessKey, securityToken: sessionToken};
     }
     else if (vendor === 'verbio' && credentials.client_id && credentials.client_secret) {
       const {access_token, servedFromCache} = await getVerbioAccessToken(credentials);
@@ -229,9 +230,13 @@ class SttTask extends Task {
     }
     else if (vendor == 'aws' && !JAMBONES_AWS_TRANSCRIBE_USE_GRPC) {
       /* get AWS access token */
-      const {accessKeyId, secretAccessKey, securityToken, region } = credentials;
+      const {speech_credential_sid, accessKeyId, secretAccessKey, securityToken, region } = credentials;
       if (!securityToken) {
-        const { servedFromCache, ...newCredentials} = await getAwsAuthToken({accessKeyId, secretAccessKey, region});
+        const { servedFromCache, ...newCredentials} = await getAwsAuthToken({
+          speech_credential_sid,
+          accessKeyId,
+          secretAccessKey,
+          region});
         this.logger.debug({newCredentials}, `got aws security token ${servedFromCache ? 'from cache' : ''}`);
         credentials = {...newCredentials, region};
       }