Unfortunately, AWS is not an identity provider itself. However, probably the closest thing to what you are attempting is to use "Login with Amazon" and AssumeRoleWithWebIdentity. The problem remaining is that you would still have to coordinate with the user of your web application in some other manner for them to give your application access to their account's AWS resources. In other words, the user of your web application will need to allow your web application to request temporary security credentials to their AWS account's resources.
"Login with Amazon" is Amazon's implementation of an identity provider that is compatible with OpenID Connect (so Amazon is an identity provider, but AWS isn't). If you desired, you could also use another OpenID Connect provider as the provider of the web identity.
AssumeRoleWithWebIdentity "returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider." Once you have these temporary credentials, you can use them to "make API calls to any AWS service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations."
Hopefully, this gets you pointed in the right direction. For further detail, the AWS documentation is the best resource. See the below links for good starting points.
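The coordination step the answer describes, as an added example that is not part of the original answer: the user of the web application creates a role in their own AWS account whose trust policy trusts the "Login with Amazon" identity provider and is scoped to the web application's client id (and optionally to the one Amazon user id), and the web application then exchanges the Login with Amazon access token for temporary credentials via AssumeRoleWithWebIdentity. The role ARN, app id, user id and token values are constructed placeholders; the boto3 call is only made if boto3 is installed and is never invoked by the policy helpers, so the policy-building and policy-checking functions run offline.

```python
"""Worked example (added by the editor, not from the original answer):
build and check the IAM trust policy that the *user's* account needs so a web
app using "Login with Amazon" (LWA) can call AssumeRoleWithWebIdentity, and show
the STS call the web app then makes. Identifiers below are placeholders."""
import json
from typing import Optional

try:
    import boto3  # only needed for the live STS call in assume_role_with_lwa()
except ImportError:  # keeps the policy helpers usable without boto3 installed
    boto3 = None

# Condition keys AWS exposes for the Login with Amazon web identity provider.
LWA_APP_ID_KEY = "www.amazon.com:app_id"
LWA_USER_ID_KEY = "www.amazon.com:user_id"


def build_lwa_trust_policy(app_id: str, user_id: Optional[str] = None) -> dict:
    """Trust policy for a role in the user's account.

    The principal is the LWA federated provider; the condition restricts the
    role to tokens issued for *this* web application (app_id) and, if given,
    to a single Amazon user, so any other LWA app cannot assume the role.
    """
    equals = {LWA_APP_ID_KEY: app_id}
    if user_id:
        equals[LWA_USER_ID_KEY] = user_id
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": "www.amazon.com"},
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {"StringEquals": equals},
            }
        ],
    }


def trust_policy_json(policy: dict) -> str:
    """Serialize the policy as it would be pasted into the IAM console."""
    return json.dumps(policy, indent=2)


def trust_policy_is_scoped(policy: dict) -> bool:
    """Defender's check: every Allow statement granting web-identity assumption
    must carry a condition that pins the audience (app_id for LWA, aud for a
    generic OpenID Connect provider). Without one, any token from that provider,
    for any application, could assume the role."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*", "*") for a in actions):
            continue
        cond_keys = {k for block in stmt.get("Condition", {}).values() for k in block}
        if not any(k.endswith(":app_id") or k.endswith(":aud") for k in cond_keys):
            return False
    return True


def assume_role_with_lwa(role_arn: str, session_name: str, lwa_access_token: str,
                         duration_seconds: int = 3600) -> dict:
    """Exchange an LWA OAuth 2.0 access token for temporary AWS credentials.

    ProviderId is set to www.amazon.com because LWA hands the app an OAuth 2.0
    access token; for a generic OIDC provider you pass the ID token and omit
    ProviderId. Requires network access and boto3; not exercised offline."""
    if boto3 is None:
        raise RuntimeError("boto3 is required for the live STS call")
    sts = boto3.client("sts")
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        WebIdentityToken=lwa_access_token,
        ProviderId="www.amazon.com",
        DurationSeconds=duration_seconds,
    )
    creds = resp["Credentials"]
    # These keys can be used for any AWS service, except the STS
    # GetFederationToken / GetSessionToken calls the answer quotes.
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
        "expiration": creds["Expiration"],
    }


if __name__ == "__main__":
    # Placeholder app id (constructed, not a real LWA client id).
    policy = build_lwa_trust_policy("amzn1.application-oa2-client.PLACEHOLDER")
    print(trust_policy_json(policy))
    print("scoped:", trust_policy_is_scoped(policy))
```

The user of the web application would attach the printed policy as the trust relationship of a role in their account (plus a permissions policy for whatever resources they want to expose), and hand the role ARN to the web application; the application then calls assume_role_with_lwa with that ARN and the access token it obtained from Login with Amazon.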