My Jenkins master is on Prem Machine and once all the executors are occupied on the Master, a new Slave should spin up in the AWS account, .
We have succeeded doing it when the Master Jenkins and the Slave Agents both are in AWS.
But now i am trying to execute it when the Master is On Prem.

We have Contacted the Enterprise CloudBees Support Team regarding the same and they have suggested to use user credentials approach to connect Jenkins to EC2 and they have confirmed these is the only available approach to use the Ec2 plugin to connect Jenkins with AWS.

But in Our organization we have multi factor authentication and role based authorizations to connect to AWS environment.
The way we connect to AWS console is as below:
we first provide our AD credentials (user/pwd) followed by the symantec VIP token, once connected we get a list of roles
which we need to select in order authorize.

SO could you please consider the below Requirement and enhance the functionality to include Role Based authorization.