fix AWS plugin credential precedence for environment variables (#52945)

* fix AWS plugin credential precedence for environment variables

* Allow aliases in direct plugins options

Consolidate precedence fix just in the doc fragment using aliases for mismatched options

* Access options with the option name rather than alias

* fix indentation

* update unit tests

* Improve readability

lib/ansible/plugins/doc_fragments/aws_credentials.py

@@ -6,7 +6,7 @@
 
 class ModuleDocFragment(object):
 
-    # inventory cache
+    # Plugin options for AWS credentials
     DOCUMENTATION = r'''
 options:
   aws_profile:
@@ -14,33 +14,29 @@ options:
     type: str
     aliases: [ boto_profile ]
     env:
-      - name: AWS_PROFILE
       - name: AWS_DEFAULT_PROFILE
+      - name: AWS_PROFILE
   aws_access_key:
     description: The AWS access key to use.
     type: str
+    aliases: [ aws_access_key_id ]
     env:
-      - name: AWS_ACCESS_KEY_ID
-      - name: AWS_ACCESS_KEY
       - name: EC2_ACCESS_KEY
+      - name: AWS_ACCESS_KEY
+      - name: AWS_ACCESS_KEY_ID
   aws_secret_key:
     description: The AWS secret key that corresponds to the access key.
     type: str
+    aliases: [ aws_secret_access_key ]
     env:
-      - name: AWS_SECRET_ACCESS_KEY
-      - name: AWS_SECRET_KEY
       - name: EC2_SECRET_KEY
+      - name: AWS_SECRET_KEY
+      - name: AWS_SECRET_ACCESS_KEY
   aws_security_token:
     description: The AWS security token if using temporary access and secret keys.
     type: str
     env:
-      - name: AWS_SECURITY_TOKEN
-      - name: AWS_SESSION_TOKEN
       - name: EC2_SECURITY_TOKEN
-  region:
-    description: The region for which to create the connection.
-    type: str
-    env:
-      - name: AWS_REGION
-      - name: EC2_REGION
+      - name: AWS_SESSION_TOKEN
+      - name: AWS_SECURITY_TOKEN
 '''