We currently only support username/password, but other services may require more sophisticated authentication methods.
Our options :
Provide more fine-grained configuration settings, covering a larger set of generic authentication methods. We could use external projects such as https://jclouds.apache.org/ (if it does support AWS authentication)
Add an SPI hook to customize the Apache HTTP client, and provide users with an AWS-specific module adding AWS-specific configuration settings (see https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/)
Add a programmatic API allowing users to customize the Apache HTTP client.
I suspect the ideal solution would be to provide a mix of the above, but we'll have to discuss that.