Description
Is your feature request related to a problem? Please describe.
I just spent several hours trying to determine why I was receiving "Unable to reach credentials server" when using the Route53 plugin. This was caused by an IAM role ARN being used rather than an IAM role name. It's very common to use ARNs in most cases and I wouldn't be surprised if more than just myself are hitting this issue.
Describe the solution you'd like
I think this situation can be improved several ways
- Making it clear in the documentation on the website that `--route53iamrole` takes a role name not an ARN
- Likewise in the CLI guide making it specific that it's a name not an ARN
- Detecting when a name doesn't meet the requirements (such as having a colon in it - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) and flagging an error
- It should also be possible to use the instance profile without specifying a role name (in fact I don't think it's possible to have an instance profile with two roles - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html#instance-profiles-manage-cli-api, and I believe the SDK will use the first available one if none is specified in `InstanceProfileAWSCredentials` https://github.com/win-acme/win-acme/blob/master/src/plugin.validation.dns.route53/Route53.cs#L42) - this would remove the need for defining the role in most users' cases.
Describe alternatives you've considered
I worked around this problem by looking at the source code, determining the issue was with `InstanceProfileAWSCredentials` and looking at what input that method called (name not ARN).
Additional context
Hopefully this issue at the very least provides a result in Google for other users running into this problem.
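
One way to implement the check proposed in the third bullet, as an added example that is not part of the issue or of win-acme's code: it rejects a value that is an IAM role ARN (and suggests the role name taken from it) or that breaks the IAM role-name rules (1-64 characters from `A-Z a-z 0-9 + = , . @ _ -`). The class name `RoleNameCheck`, its `Validate` method and the sample values are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example, not win-acme code: RoleNameCheck and Validate are hypothetical names.
public static class RoleNameCheck
{
    // IAM role names: 1-64 characters from A-Z a-z 0-9 and + = , . @ _ -
    private static readonly Regex NamePattern =
        new Regex(@"^[A-Za-z0-9+=,.@_-]{1,64}\z", RegexOptions.CultureInvariant);

    // IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<optional path/><name>
    private static readonly Regex ArnPattern =
        new Regex(@"^arn:[^:]+:iam::\d{12}:role/(?:[^/]+/)*(?<name>[^/]+)\z",
                  RegexOptions.CultureInvariant);

    // Returns null when the value is usable as a role name, otherwise an error message.
    public static string Validate(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            return "Role name is empty.";

        // Most common mistake from the issue: a full ARN was supplied.
        var arn = ArnPattern.Match(value);
        if (arn.Success)
            return $"'{value}' is an ARN; pass the role name '{arn.Groups["name"].Value}' instead.";

        // ':' and '/' never appear in a role name, so flag them explicitly.
        if (value.Contains(":") || value.Contains("/"))
            return $"'{value}' contains ':' or '/', which are not valid in an IAM role name.";

        if (!NamePattern.IsMatch(value))
            return $"'{value}' is not a valid IAM role name (1-64 chars of A-Z a-z 0-9 + = , . @ _ -).";

        return null;
    }

    public static void Main()
    {
        // Constructed sample inputs (account id and role names are made up).
        string[] samples =
        {
            "acme-dns-role",
            "arn:aws:iam::123456789012:role/acme-dns-role",
            "arn:aws:iam::123456789012:role/service/acme-dns-role",
            "acme dns role",
        };
        foreach (var s in samples)
            Console.WriteLine($"{s} -> {Validate(s) ?? "OK"}");
    }
}
```

Running the check before any credentials call turns the misleading "Unable to reach credentials server" failure into an immediate, specific configuration error.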