Profile is not read when defined as assuming role
Describe the bug
I am not sure if this is a bug or a feature request. I am assuming it is a bug because this is rather standard behaviour even with other SDKs (the Python one works fine, for example).
The issue is that in my shared credentials file I have a security profile we use to log into our centralized IAM account, and from there we can assume roles into other accounts with proper permissions. The way we do this is by defining them as profiles with the security profile as source profile and indicating what role to assume in the shared config file.
For example, this profile is present in my .aws/credentials file:
```
[securityiam]
aws_access_key_id=AKIAXXXXXX
aws_secret_access_key=XXXXXX
```
and then, in my .aws/config file, I have configured this profile:
```
[profile my-new-profile]
source_profile=securityiam
role_arn=arn:aws:iam::XXXX:role/my_role_to_asume
```
I would expect that by creating an S3 client specifying the analytics-dev profile it would automatically handle the role assumption logic, but it seems that it does not. I get the following error:
```
ProviderError: Profile my-new-profile requires a role to be assumed, but no role assumption callback was provided.
```
We would like to avoid, if possible, having dependencies in code on the role to be used because, when deployed, it will authenticate using the service metadata. Having to add role assumption logic seems like adding logic we should not need (and with other SDKs we actually don't need it). Whatever extra code we need to add is code only intended for development purposes and we would like to keep it to the minimum.
Probably I am missing something, let me know if you need further information.
Thanks!
Your environment
SDK version number
@aws-sdk/credential-provider-node@3.15.0
@aws-sdk/client-s3@3.15.0
Is the issue in the browser/Node.js/ReactNative?
Node.js
Details of the browser/Node.js/ReactNative version
node v14.16.0
Steps to reproduce
Add a profile into .aws/credentials and a profile as explained above in .aws/config. Create a client to S3 that tries to list buckets:
```typescript
import { S3, ListBucketsCommandInput } from "@aws-sdk/client-s3";
import { defaultProvider } from "@aws-sdk/credential-provider-node";

const credentials = defaultProvider({profile: "my-new-profile"});
const client = new S3({credentials: credentials, region: "us-east-1"});
const buckets = client.listBuckets({}, (err, data) => {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data); // successful response
});
console.log(buckets);
```
Observed behavior
The call returns an error that states:
ProviderError: Profile analytics-dev requires a role to be assumed, but no role assumption callback was provided.
Expected behavior
The S3 client returns the list of buckets using the assumed role as stated in the config file.
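An added example, not part of the original issue and not the SDK's own code: an offline check that resolves the profile chain described above, reporting which long-lived key a profile ultimately depends on and which roles sit on top of it. The function names `parseIni` and `resolveChain` are hypothetical, and the file contents are constructed from the issue's redacted placeholders.

```javascript
// Constructed sample files, using the issue's redacted placeholder values.
const CREDENTIALS = `
[securityiam]
aws_access_key_id=AKIAXXXXXX
aws_secret_access_key=XXXXXX
`;
const CONFIG = `
[profile my-new-profile]
source_profile=securityiam
role_arn=arn:aws:iam::XXXX:role/my_role_to_asume
`;
// Parse INI text; config-file sections drop the "profile " prefix.
function parseIni(text, isConfig) {
  const out = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const section = line.match(/^\[(.+)\]$/);
    if (section) {
      const name = section[1].trim();
      current = isConfig ? name.replace(/^profile\s+/, "") : name;
      out[current] = out[current] || {};
    } else if (current !== null && line.includes("=")) {
      const i = line.indexOf("=");
      out[current][line.slice(0, i).trim()] = line.slice(i + 1).trim();
    }
  }
  return out;
}

// Follow source_profile links to the static keys (assumption: only
// source_profile chains are handled, not credential_source).
function resolveChain(name, credentialsText, configText) {
  const creds = parseIni(credentialsText, false);
  const config = parseIni(configText, true);
  const roles = [], seen = new Set();
  for (let p = name; ; ) {
    if (seen.has(p)) throw new Error(`source_profile cycle at ${p}`);
    seen.add(p);
    if (!config[p] && !creds[p]) throw new Error(`profile ${p} not found`);
    const entry = { ...config[p], ...creds[p] };
    if (!entry.role_arn) {
      if (!entry.aws_access_key_id) throw new Error(`profile ${p} has no keys`);
      return { baseProfile: p, rolesToAssume: roles.reverse() };
    }
    if (!entry.source_profile) throw new Error(`${p} lacks source_profile`);
    roles.push(entry.role_arn);
    p = entry.source_profile;
  }
}
```

`rolesToAssume` is ordered from the role assumed first (with the base profile's keys) to the role attached to the requested profile.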
It is released, I will try to reproduce this and discuss it with the team as well.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.