bank-vaults/vault-sdk

Switch to AWS SDK v2

Closed this issue · 2 comments

Currently we use the v1 SDK. Let's switch to v2.

https://github.com/aws/aws-sdk-go-v2

As far as I can tell, we use STS mostly (maybe EC2 as well), so those are the only packages we have to import.

I did some research and this might be impossible at this time, because of the way AWS IAM authentication works (a nice explanation can be found here, and also in the documentation). Basically Vault only needs a signed GetCallerIdentity request, but in aws-sdk-go-v2 "the operation invocation calling pattern has been simplified such that there are no longer *Request methods that then require a secondary Send(context.Background()) invoke operation", as per this comment.

Indeed it seems non-trivial at the moment. On the other hand, I figured we should investigate if we can use some of the official auth libs: #58
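For reference, this is what the "signed GetCallerIdentity request" discussed above consists of, as an added example that is not code from this thread, from vault-sdk, or from either AWS SDK: a SigV4 signature over a fixed STS POST, computed with the Go standard library only. The function name, the lowercase header map it returns, and the sample credentials are constructed for illustration; the `X-Vault-AWS-IAM-Server-ID` header is the one Vault's AWS auth method can require so that a signed request cannot be replayed against a different Vault server.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strings"
	"time"
)

// Fixed form body of the STS call; it is the same for every login.
const stsBody = "Action=GetCallerIdentity&Version=2011-06-15"

func hmacSHA256(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}
func sha256Hex(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }

// SignGetCallerIdentity (hypothetical helper) returns the headers, keyed by lowercase
// name, of a SigV4-signed POST to regional STS. serverID is covered by the signature.
func SignGetCallerIdentity(accessKey, secretKey, region, serverID string, now time.Time) map[string]string {
	amzDate, day := now.UTC().Format("20060102T150405Z"), now.UTC().Format("20060102")
	hdr := map[string]string{
		"content-type":              "application/x-www-form-urlencoded; charset=utf-8",
		"host":                      "sts." + region + ".amazonaws.com",
		"x-amz-date":                amzDate,
		"x-vault-aws-iam-server-id": serverID,
	}
	names := []string{"content-type", "host", "x-amz-date", "x-vault-aws-iam-server-id"} // sorted
	canonHeaders := ""
	for _, n := range names {
		canonHeaders += n + ":" + hdr[n] + "\n"
	}
	signed := strings.Join(names, ";")
	canonReq := strings.Join([]string{"POST", "/", "", canonHeaders, signed, sha256Hex(stsBody)}, "\n")
	scope := day + "/" + region + "/sts/aws4_request"
	toSign := strings.Join([]string{"AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonReq)}, "\n")
	key := hmacSHA256([]byte("AWS4"+secretKey), day) // derive the per-day, per-service signing key
	for _, part := range []string{region, "sts", "aws4_request"} {
		key = hmacSHA256(key, part)
	}
	hdr["authorization"] = fmt.Sprintf("AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%x", accessKey, scope, signed, hmacSHA256(key, toSign))
	return hdr
}

func main() { // constructed credentials, never sent anywhere
	fmt.Println(SignGetCallerIdentity("AKIDEXAMPLE", "constructed-secret", "us-east-1", "vault.example.com", time.Now())["authorization"])
}
```

The client never sends this request to AWS itself; it hands the method, URL, body and headers to Vault, which forwards them to STS and reads the caller identity from the response.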