Sorry, we don't have anything that can do this for the moment.
DreamObjects (which is Ceph behind the scenes) implements large parts of S3, but not all of it. It implements most of S3 ACLs, but not any of AWS IAM (including S3 Bucket Policies and STS).
Further, I'd like to warn you of a problem case in STS IP limits: clients that are effectively multi-homed. If the client has multiple IP addresses, you CANNOT be sure that the IP you got from the client will be the same IP used to contact S3/AWS.
Example cases for clients:
- having both an IPv4 & IPv6 address
- behind a NAT with multiple public-facing IPs (often seen in mobile data networks and corporate internet connections)
- IPv6 address privacy extensions with per-app/per-connection addresses (see "Back to the Future: Revisiting IPv6 Privacy Extensions", Barrera & Wurster, LOGIN Usenix Magazine, Vol 36, No 1, bottom of page 22).
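
The three cases above, modelled as an added example that is not part of the original reply: a session policy is pinned to the address the application observed, then checked against the address the S3 request actually arrives from. The `source_ip_allowed` function is a local stand-in for the `IpAddress` / `aws:SourceIp` check, not AWS's evaluator; the bucket name, helper names and addresses are constructed, and the `/64` widening is an assumption shown only for comparison.

```python
import ipaddress

def session_policy(bucket, cidrs):
    """Build an IAM-style session policy limited to the given source CIDRs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": list(cidrs)}},
        }],
    }

def source_ip_allowed(policy, source_ip):
    """Local model of the IpAddress check on aws:SourceIp (hypothetical helper)."""
    addr = ipaddress.ip_address(source_ip)
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("IpAddress", {})
        for cidr in cond.get("aws:SourceIp", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if addr.version == net.version and addr in net:
                return True
    return False

# Constructed cases using documentation address ranges:
# (label, IP the application observed, IP the S3 request arrived from)
CASES = [
    ("dual-stack", "203.0.113.7", "2001:db8:1:2::abcd"),
    ("nat-pool", "198.51.100.10", "198.51.100.11"),
    ("privacy-ext", "2001:db8:1:2:aaaa:bbbb:cccc:dddd",
     "2001:db8:1:2:1111:2222:3333:4444"),
]

def evaluate(cases, v6_prefix=128):
    """Pin each policy to the observed IP (IPv4 /32, IPv6 /v6_prefix) and
    report whether the request from the actual IP would pass the check."""
    results = {}
    for label, observed, actual in cases:
        plen = v6_prefix if ipaddress.ip_address(observed).version == 6 else 32
        cidr = str(ipaddress.ip_network(f"{observed}/{plen}", strict=False))
        results[label] = source_ip_allowed(
            session_policy("example-bucket", [cidr]), actual)
    return results

if __name__ == "__main__":
    print(evaluate(CASES))      # pinned to the exact observed address
    print(evaluate(CASES, 64))  # IPv6 widened to the enclosing /64
```

Widening an IPv6 restriction to the /64 only covers the privacy-extension case, because those addresses share the network prefix; the dual-stack and NAT-pool cases still fail the check.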