Support AWS Instance Profile Credentials when Authenticating AI Gateway with AWS Bedrock
Proposal
Authenticating the AI Gateway instance to AWS Bedrock requires defining AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION_NAME when starting the Docker image (documentation).
We have customers that want to avoid using and storing long-term IAM credentials, and instead favor other authentication types such as the use of instance profile credentials. There is a separate issue for supporting assume role functionality: #542393.
@erran pointed out the following:
a new feature request to support AWS instance profile credentials should be created (work will need to be planned on the monolith for the configuration UI and the AI gateway backend to attempt to use the instance credentials).
Since I'm not a DRI for AI gateway I'll just add that if you're adding a feature request you could include a link to https://docs.gitlab.com/ci/cloud_services/aws/ which is likely how the updated integration should be thought about/designed.
Conditions of satisfaction
- We update the LLM documentation to explain that instance profile credentials are supported.
- We update the troubleshooting script to remove specific environment variable lookups and let boto3 perform credential lookup from environment variables, which would cover any form of authentication a user likes.
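
As an illustration of the second condition, the sketch below lets boto3 resolve credentials through its default provider chain and reports which provider answered, flagging static long-term keys. It is an added example, not the AI Gateway's troubleshooting script; the function names `classify` and `resolve` are hypothetical, and it assumes boto3 is installed in the container.

```python
"""Report which provider in boto3's default chain supplied credentials."""
import os

# Values botocore sets on Credentials.method for role-based sources that
# need no stored long-term key.
ROLE_METHODS = {
    "iam-role": "EC2 instance profile (IMDS)",
    "container-role": "ECS/EKS container role",
}


def classify(method, access_key_id, has_token):
    """Describe a credential source without exposing any secret value."""
    # AKIA prefixes long-term IAM user keys; ASIA prefixes temporary STS keys.
    long_term = access_key_id.startswith("AKIA") and not has_token
    return {
        "source": ROLE_METHODS.get(method, method),
        "long_term": long_term,
        "key_prefix": access_key_id[:4],
    }


def resolve(region=None):
    """Let boto3 walk its default chain; return None if nothing resolves."""
    import boto3  # imported lazily so classify() is usable without boto3

    session = boto3.Session(region_name=region)
    creds = session.get_credentials()
    if creds is None:
        return None
    frozen = creds.get_frozen_credentials()
    report = classify(creds.method, frozen.access_key, bool(frozen.token))
    report["region"] = session.region_name
    return report


if __name__ == "__main__":
    # AWS_REGION_NAME is the variable named in this issue; boto3 itself
    # falls back to AWS_DEFAULT_REGION or the shared config when it is unset.
    report = resolve(os.environ.get("AWS_REGION_NAME"))
    if report is None:
        raise SystemExit("no AWS credentials found by the boto3 default chain")
    print(report)
    if report["long_term"]:
        print("warning: static long-term IAM key in use")
```

On an EC2 instance with an instance profile attached and no AWS_ACCESS_KEY_ID set, the reported source is the instance profile and `long_term` is false.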