Unfortunately when we click "use instance credentials" we get an exception thrown when we run the job:
com.amazonaws.AmazonServiceException: Cross-account pass role is not allowed. (Service: AWSLambda; Status Code: 403; Error Code: null; Request ID: 645e6ad8-ba1f-11e5-b817-1f92f1beb5f9)
I put these comments in https://wiki.jenkins-ci.org/display/JENKINS/AWS+Lambda+Plugin page, but I should probably create a Jira ticket to track this. DefaultAwsCredentialsProviderChain should work just fine when passing to the constructor of AWSLambdaClient (which I see it is).
I think it's an issue with AWS more than anything else (or the java SDK), since if we use the AWS CLI on that slave, everything works, so it's definitely not a permissions issue. I'm going to bump the version of the SDK from 1.10.35 to 1.10.46 in the pom.xml to see if that fixes that.
On a side note, I don't think the secret key entry is expanding the the environment variable. That's the first thing I tried and I got permissions issues.