Currently you need to provide access key and secret key to the account where cloudwatch is. Can we add an option to provide just the aws profile name of the profile setup on the logstash server and the plugin would be getting access_key and secret_key from that profile? Same way as terraform does it.
We store logstash.config in code repository and for obvious security reasons we don't want to store secret keys there.