Restrict creds user receives upon login to cloud-gate based on need #14
Description
Issue
Currently, on logging in to cloud-gate, a user receives credentials for all of the accounts that they have access to.
Steps to reproduce
Login to cloud-gate on UI or via CLI.
Impact
Even though these are short lived credentials, they should be granted on a need/per request basis instead of giving all the creds. This way a user is only given creds to a particular account/role instead of all roles. Restricting creds on a need/request basis is good from an attack surface perspective.
Remediation
Would be good to grant only the credentials that were requested by the user for both the CLI and the UI.