by philsnow 3619 days ago
What's the forensics story (how do you understand after the fact who did what actions) for using IAM roles in this way? To my knowledge, CloudTrail includes only the assumed IAM role in the actual API actions.
1 comment

The AssumeRole API has a session name field, which is arbitrary text that's included in CloudTrail. Hologram sets this to the user's name/email address from LDAP.
Yeah, all API actions will show up as being from ARN "arn:aws:sts::<account-id>:assumed-role/<hologram role>/<ldap username>"
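The attribution the replies describe, worked through in code. This is an added example, not Hologram's code and not taken from the thread: it maps an LDAP name onto a valid RoleSessionName, parses the session name back out of the assumed-role ARN that CloudTrail records, and attributes a few constructed CloudTrail records (not captured from a real account) to a person. The role name hologram-role, the account ID and the user names are made up; the helper names are my own.

```python
"""
Attributing CloudTrail events to people when everyone works through one
shared IAM role: the RoleSessionName passed to sts:AssumeRole is echoed into
the session ARN (arn:aws:sts::<account>:assumed-role/<role>/<session>), so a
forensic reader parses it back out.

Added example, not Hologram's code. The sample records below are constructed.
"""
import re
from typing import Optional

# AWS constraint on RoleSessionName: 2..64 characters from [\w+=,.@-].
# An e-mail address such as alice@example.com satisfies it.
SESSION_NAME_RE = re.compile(r"^[\w+=,.@-]{2,64}$", re.ASCII)

ASSUMED_ROLE_ARN_RE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/(?P<session>[^/]+)$"
)


def to_session_name(ldap_name: str) -> str:
    """Map an arbitrary LDAP display name or mail address onto a valid RoleSessionName.
    Characters outside the allowed set become '-', and the result is cut at 64.
    Hypothetical helper: the thread only says Hologram uses the name/email."""
    cleaned = re.sub(r"[^\w+=,.@-]", "-", ldap_name, flags=re.ASCII)[:64]
    if len(cleaned) < 2:
        raise ValueError("session name must be at least 2 characters")
    return cleaned


def parse_assumed_role_arn(arn: str) -> Optional[dict]:
    """Split arn:aws:sts::<account>:assumed-role/<role>/<session> into its parts.
    Returns None for anything that is not an assumed-role session ARN."""
    m = ASSUMED_ROLE_ARN_RE.match(arn)
    return m.groupdict() if m else None


def attribute(record: dict) -> dict:
    """Return who did what for one CloudTrail record.
    'actor' is the session name for assumed-role calls (the LDAP user in the
    setup above), the user name for direct IAM-user calls, else 'unknown'."""
    ident = record.get("userIdentity", {})
    out = {"event": record.get("eventName"), "actor": "unknown", "role": None}
    if ident.get("type") == "AssumedRole":
        parts = parse_assumed_role_arn(ident.get("arn", ""))
        if parts:
            out["actor"] = parts["session"]
            out["role"] = parts["role"]
    elif ident.get("type") == "IAMUser":
        out["actor"] = ident.get("userName", "unknown")
    return out


# Constructed records in the shape CloudTrail uses for userIdentity.
CONSTRUCTED_RECORDS = [
    {   # call made through the shared role; the session name carries the LDAP user
        "eventName": "RunInstances",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::123456789012:assumed-role/hologram-role/alice@example.com",
            "sessionContext": {
                "sessionIssuer": {"arn": "arn:aws:iam::123456789012:role/hologram-role"}
            },
        },
    },
    {   # a plain IAM user, no role involved
        "eventName": "DeleteBucket",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
    },
    {   # root: no session name to attribute by
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root"},
    },
]


def attribute_all(records=CONSTRUCTED_RECORDS) -> list:
    """Attribute every record; used for the worked run below."""
    return [attribute(r) for r in records]


if __name__ == "__main__":
    for row in attribute_all():
        print(row)
```

One caveat a practitioner will want: RoleSessionName is caller-supplied, so the attribution is only as strong as the set of principals allowed to call AssumeRole on that role; anyone else trusted by the role can pick any string. The role's trust policy can pin accepted names with the sts:RoleSessionName condition key if the broker is not the only caller.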