The AWS provider supports to assume AWS IAM role to use S3, but Aliyun OSS provider does not support IAM(RAM) role.

We can find the code for AWS provider here https://github.com/thanos-io/objstore/blob/main/providers/s3/s3_aws_sdk_auth.go, but the Aliyun OSS provider does not have it.

Aliyun has GO sdk for assume role and get the STS token, here https://github.com/AliyunContainerService/ack-ram-tool/tree/main/examples/rrsa/go-sdk