feat: support AWS EKS Pod Identity #359

Merged
merged 1 commit into from
Feb 5, 2025


emanuelelevo
Contributor

Pull Request

Related GitHub Issues

SOPS decryption via AWS EKS Pod Identity.

Error: /hello/secret/main.hcl:17,45-54: Unsupported attribute; This object does not have an attribute named "username"., and 3 other diagnostic(s)

Description

OpenTofu, Terraform, and Terragrunt already use an AWS SDK version that supports AWS EKS Pod Identity.

This PR updates the aws-sdk-go version in terragrunt-atlantis-config to v1.47.11, which is the minimum required version for supporting AWS EKS Pod Identity.
Ref https://github.com/aws/aws-sdk-go/releases/tag/v1.47.11

This update resolves the SOPS decryption issue mentioned above.

Security Implications

  • [none]

System Availability

  • [none]

Collaborator

Almenon commented Feb 5, 2025

C:\dev\misc\terragrunt-atlantis-config>go mod graph | grep aws-sdk-go
github.com/transcend-io/terragrunt-atlantis-config github.com/aws/aws-sdk-go@v1.46.6
github.com/aws/aws-sdk-go@v1.46.6 github.com/jmespath/go-jmespath@v0.4.0
github.com/aws/aws-sdk-go@v1.46.6 github.com/pkg/errors@v0.9.1
github.com/aws/aws-sdk-go@v1.46.6 golang.org/x/net@v0.1.0
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go@v1.44.48
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2@v1.16.16
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/config@v1.15.13
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/autoscaling@v1.23.16
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/ec2@v1.47.2
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/s3@v1.27.1
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/secretsmanager@v1.15.13
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.4.3
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/credentials@v1.12.8
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.12.8
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.1.23
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.4.17
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.15
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/internal/v4a@v1.0.5
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.9.3
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.1.9
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.9.8
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.13.8
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/sso@v1.11.11
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2/service/sts@v1.16.9
github.com/gruntwork-io/terragrunt@v0.54.1 github.com/aws/aws-sdk-go@v1.46.6
github.com/hashicorp/go-getter@v1.7.5 github.com/aws/aws-sdk-go@v1.44.122
github.com/hashicorp/terraform@v0.15.3 github.com/aws/aws-sdk-go@v1.37.0
github.com/hashicorp/terraform@v0.15.3 github.com/hashicorp/aws-sdk-go-base@v0.6.0
go.mozilla.org/sops/v3@v3.7.3 github.com/aws/aws-sdk-go@v1.43.43
github.com/aws/aws-sdk-go@v1.44.122 github.com/jmespath/go-jmespath@v0.4.0
github.com/aws/aws-sdk-go@v1.44.122 github.com/pkg/errors@v0.9.1
github.com/aws/aws-sdk-go@v1.44.122 golang.org/x/net@v0.0.0-20220127200216-cd36cc0744dd
github.com/aws/aws-sdk-go@v1.37.0 github.com/jmespath/go-jmespath@v0.4.0
github.com/aws/aws-sdk-go@v1.37.0 github.com/pkg/errors@v0.9.1
github.com/aws/aws-sdk-go@v1.37.0 golang.org/x/net@v0.0.0-20201110031124-69a78807bb2b
github.com/hashicorp/aws-sdk-go-base@v0.6.0 github.com/aws/aws-sdk-go@v1.31.9
github.com/hashicorp/aws-sdk-go-base@v0.6.0 github.com/hashicorp/go-cleanhttp@v0.5.0
github.com/hashicorp/aws-sdk-go-base@v0.6.0 github.com/hashicorp/go-multierror@v1.0.0
github.com/hashicorp/aws-sdk-go-base@v0.6.0 github.com/mitchellh/go-homedir@v1.1.0
github.com/hashicorp/go-getter@v1.5.1 github.com/aws/aws-sdk-go@v1.15.78
github.com/aws/aws-sdk-go@v1.31.9 github.com/go-sql-driver/mysql@v1.5.0
github.com/aws/aws-sdk-go@v1.31.9 github.com/jmespath/go-jmespath@v0.3.0
github.com/aws/aws-sdk-go@v1.31.9 github.com/pkg/errors@v0.9.1
github.com/aws/aws-sdk-go@v1.31.9 golang.org/x/net@v0.0.0-20200202094626-16171245cfb2
github.com/aws/aws-sdk-go@v1.15.78 github.com/jmespath/go-jmespath@v0.0.0-20160202185014-0b12d6b521d8

A lot of random things that require this library, so there's a wide scope of possible impact. However, this isn't a major version update, and AWS is reputable, so should be fairly safe.
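Added example (not part of the PR or the project's code): a Go check that reads `go mod graph` output like the listing above and reports whether any module in the graph requires `github.com/aws/aws-sdk-go` at or above the v1.47.11 minimum named in the PR description. It assumes no `replace` or `exclude` directives, so the highest required version is the one the build selects; the function names and the sample graph are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the format of the `go mod graph` output above.
const sampleGraph = `github.com/transcend-io/terragrunt-atlantis-config github.com/aws/aws-sdk-go@v1.46.6
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go@v1.44.48
github.com/gruntwork-io/go-commons@v0.17.1 github.com/aws/aws-sdk-go-v2@v1.16.16
go.mozilla.org/sops/v3@v3.7.3 github.com/aws/aws-sdk-go@v1.43.43`

// parse reads "v1.46.6" as [1 46 6]; other shapes return an error.
func parse(v string) (out [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err
}

// atLeast reports whether version a is greater than or equal to b.
func atLeast(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return true
}

// MeetsMinimum reports whether any edge requires module at version >= min.
// The module path must match exactly, so aws-sdk-go-v2 and aws-sdk-go-base
// (which a plain grep for "aws-sdk-go" also matches) are not counted.
func MeetsMinimum(graph, module, min string) (bool, error) {
	want, err := parse(min)
	if err != nil {
		return false, err
	}
	for _, line := range strings.Split(graph, "\n") {
		_, dep, _ := strings.Cut(strings.TrimSpace(line), " ")
		name, ver, _ := strings.Cut(dep, "@")
		if got, err := parse(ver); name == module && err == nil && atLeast(got, want) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	fmt.Println(MeetsMinimum(sampleGraph, "github.com/aws/aws-sdk-go", "v1.47.11"))
}
```

Run against the real output with the graph piped in from `go mod graph`; a `false` result means the build still resolves an SDK older than the stated minimum.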

Collaborator

Almenon commented Feb 5, 2025

Changelog: https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md

A lot of random service client updates. A few SDK enhancements:

aws/ec2metadata: Added environment and shared config support for disabling IMDSv1 fallback.
Use env AWS_EC2_METADATA_V1_DISABLED or shared config ec2_metadata_v1_disabled accordingly.

aws/signer/v4: Add bucket owner header to presigned list.
Add x-amz-expected-bucket-owner header to the list of headers that need to be presigned.

aws/defaults: Feature updates to endpoint credentials provider.
Add support for dynamic auth token from file and EKS container host in configured URI.
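Added example (not from the PR, the changelog, or the SDK source): a Go validator for a value destined for `AWS_CONTAINER_CREDENTIALS_FULL_URI`, the setting the "EKS container host in configured URI" entry refers to. The policy here is this example's own: plain HTTP is accepted only for loopback or the link-local addresses AWS documents for the ECS and EKS Pod Identity agents, given as IP literals. The function name and sample URI are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Assumption of this example: the link-local addresses AWS documents for the
// ECS task agent and the EKS Pod Identity Agent (IPv4 and IPv6).
var agentHosts = []string{"169.254.170.2", "169.254.170.23", "fd00:ec2::23"}

// CheckCredentialsURI validates a credentials endpoint URI. Over plain HTTP
// the host must be an IP literal that is loopback or a known agent address,
// so neither DNS nor an arbitrary peer can receive the pod's bearer token.
// HTTPS is accepted for any host under this example's policy.
func CheckCredentialsURI(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Hostname() == "" {
		return fmt.Errorf("no host in %q", raw)
	}
	if u.Scheme == "https" {
		return nil
	}
	if u.Scheme != "http" {
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	ip := net.ParseIP(u.Hostname())
	if ip == nil {
		return fmt.Errorf("http host %q is not an IP literal", u.Hostname())
	}
	if ip.IsLoopback() {
		return nil
	}
	for _, h := range agentHosts {
		if ip.Equal(net.ParseIP(h)) {
			return nil
		}
	}
	return fmt.Errorf("http host %s is not loopback or a container agent", ip)
}

func main() {
	// Constructed value for illustration.
	fmt.Println(CheckCredentialsURI("http://169.254.170.23/v1/credentials"))
}
```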

@Almenon Almenon merged commit d995abe into transcend-io:master Feb 5, 2025
3 checks passed