I released a tool for obtaining a Hashicorp Vault token using a pre-signed AWS request!
This tool generates and sends a presigned sts:GetCallerIdentity AWS API call to a Vault Server, requesting a Vault token for a given Vault role. Optionally, the requested token can be “sealed”. A sealed token can only be used once, to obtain a regular token, improving security!