Upgrade aws-sdk-go with Support for AssumeRoleWithWebIdentity for s3 backend

[uncycler]

Current Terraform Version

0.12.24

Use-cases

Run terraform in a pod inside a EKS cluster with a IAM role assigned to the service account , leveraging the AssumeRoleWithWebIdentity API.

https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

Attempted Solutions

Inside the pod, aws sts get-caller-identity is using the correct role, but terraform fallback to the instance profile role.

AssumeRoleWithWebIdentity support was added to aws-sdk-go since 1.23.13.

Proposal

Terraform should try using AssumeRoleWithWebIdentity before EC2

[bflad]

Multiple fixes for credential ordering, automatically using the AWS shared configuration file if present, and profile configuration handling of the S3 Backend have been merged and will release with version 0.13.0-beta2 of Terraform. In particular, this functionality has been specifically verified. See also: hashicorp/aws-sdk-go-base#33

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.