Allow use of EKS pod identities as an authentication method #1981

Open
jmalloc opened this issue Dec 26, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

jmalloc commented Dec 26, 2023

What problem are you facing?

I would like to use EKS pod identities to grant the provider access to AWS, as an alternative to IRSA.

How could Crossplane help solve your problem?

By adding support for this authentication method in ProviderConfig.

FWIW, I did attempt to use a pod identity with a ProviderConfig set to use IRSA credentials, hoping that it might "just work" given that both IRSA and pod identities work by automatically injecting AWS environment variables into the pod. This approach failed, but I no longer have the exact error message, sorry. Some googling at the time suggested that it might be necessary to use version 2 of the AWS Go client with EKS pod identities.

jmalloc added the enhancement label Dec 26, 2023

hsmade commented Feb 6, 2024

With version 0.46, and the following:

apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider
spec:
  credentials:
    source: InjectedIdentity

The result for trying to use pod identity is this error from the provider-aws pod:

crossplane-aws-provider: error: Cannot setup AWS controllers: invalid endpoint host, "169.254.170.23", only loopback hosts are allowed

hsmade commented Feb 6, 2024

From what I can find with other controllers with the same issue, all that needs to be done is updating the AWS SDK dependency. The EKS provider is still using the old SDK, instead of v2.

Examples: 1 2
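
The error quoted earlier in this thread is a host check on the credentials endpoint: the client refuses to request credentials from any address that is not loopback. As an added illustration (not code from this thread, from Crossplane or from the AWS SDK), this Go sketch models that loopback-only policy next to one that also accepts the single address named in the error; the function names, sample URIs and URI paths are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Endpoint host copied from the error message quoted in this thread.
const podIdentityHost = "169.254.170.23"

// CheckHost accepts a credentials URI whose host is a loopback IP or one of
// the exact IPs in extra. Hostnames are refused so the sketch never uses DNS.
func CheckHost(rawURI string, extra ...string) error {
	u, err := url.Parse(rawURI)
	if err != nil {
		return fmt.Errorf("invalid URL: %w", err)
	}
	host := u.Hostname()
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("host %q is not an IP literal", host)
	}
	if ip.IsLoopback() {
		return nil
	}
	for _, a := range extra {
		if ip.Equal(net.ParseIP(a)) {
			return nil
		}
	}
	return fmt.Errorf("invalid endpoint host, %q, only loopback hosts are allowed", host)
}

// LoopbackOnly models the policy behind the quoted error; LoopbackOrAgent
// widens it by exactly one address, not by a range.
func LoopbackOnly(uri string) error    { return CheckHost(uri) }
func LoopbackOrAgent(uri string) error { return CheckHost(uri, podIdentityHost) }

func main() {
	// Constructed URIs; the paths and the 198.51.100.7 host are made up.
	for _, uri := range []string{
		"http://127.0.0.1:8080/creds",
		"http://" + podIdentityHost + "/v1/credentials",
		"http://198.51.100.7/creds",
	} {
		fmt.Printf("%s\n  loopback-only: %v\n  with agent:    %v\n", uri, LoopbackOnly(uri), LoopbackOrAgent(uri))
	}
}
```

Allowing one exact address keeps the restriction on where credential requests may be sent, which a blanket link-local or private-range exception would not.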

github-actions bot commented May 7, 2024

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

github-actions bot added stale and removed stale labels May 7, 2024