Update SSO/Identity Center guidance for EKS access management

[svennam92]

We should provide guidance on EKS access management using AWS IAM Identity Center (formerly AWS SSO). This blog post (https://aws.amazon.com/blogs/containers/a-quick-path-to-amazon-eks-single-sign-on-using-aws-sso/) is outdated and has limitations that aren't mentioned, particularly around the IAM role ARN generated by Identity Center having a random suffix which makes it impractical to use.

• Create a new section covering options for EKS access management
• Include comparison of different approaches with their trade-offs:
  • IAM Identity Center + EKS CAM APIs
  • Direct IAM Users/Roles Mapped to EKS RBAC
  • OpenID Connect (OIDC) Providers
  • IRSA/Pod Identity/etc
• Document known limitations and considerations for each method

Related:

• [EKS] [request]: EKS authentication rolearn wildcard support aka AWS Identity Center SSO integration with EKS access entry API containers-roadmap#474
• [EKS] [request]: Cedar for Kubernetes in Amazon EKS containers-roadmap#2463

[geoffcline]

The docs team has heard this request also.