concourse-up
Using temporary credentials for initial deployment breaks self-updates
The self-updating pipeline has its AWS creds baked in from the initial CLI invocation of concourse-up. If these creds were issued by an `aws sts assume-role` or equivalent, then the concourse-up-self-update job fails, as the credentials expire a maximum of 60 minutes after creation.
Perhaps an additional self-update IAM user could be created during deployment. This might be possible to make optional - I believe it's possible to discover if the context you're operating in (as Terraform, etc) is based on temporary creds.
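One way to detect the situation described above before credentials are stored in the pipeline, as an added example that is not part of the original post or of concourse-up's code. It assumes the credentials arrive through the standard AWS environment variables; `Creds`, `SelfUpdatePlan` and `PlanSelfUpdate` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Creds holds the values of the three standard AWS credential environment variables.
type Creds struct {
	AccessKeyID, SecretAccessKey, SessionToken string
}

// FromEnv builds Creds from a lookup function (os.Getenv in production).
func FromEnv(get func(string) string) Creds {
	return Creds{get("AWS_ACCESS_KEY_ID"), get("AWS_SECRET_ACCESS_KEY"), get("AWS_SESSION_TOKEN")}
}

// IsTemporary reports whether the credentials were issued by AWS STS.
// STS access key IDs start with "ASIA" (long-term IAM user keys start with
// "AKIA"), and only STS credentials carry a session token.
func IsTemporary(c Creds) bool {
	return c.SessionToken != "" || strings.HasPrefix(c.AccessKeyID, "ASIA")
}

// SelfUpdatePlan is a hypothetical decision about what the self-update job gets.
type SelfUpdatePlan int

const (
	ReuseCallerCreds    SelfUpdatePlan = iota // long-term keys: will not expire in the pipeline
	CreateDedicatedUser                       // temporary keys: would expire before a later self-update
)

// PlanSelfUpdate rejects missing credentials and picks a plan for the rest.
func PlanSelfUpdate(c Creds) (SelfUpdatePlan, error) {
	if c.AccessKeyID == "" || c.SecretAccessKey == "" {
		return 0, fmt.Errorf("AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set")
	}
	if IsTemporary(c) {
		return CreateDedicatedUser, nil
	}
	return ReuseCallerCreds, nil
}

func main() {
	plan, err := PlanSelfUpdate(FromEnv(os.Getenv))
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Println("create dedicated self-update user:", plan == CreateDedicatedUser)
}
```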
Nice catch, Jon. I've created a placeholder story for this feature request here: https://www.pivotaltracker.com/story/show/155699858