Description
/feature
Is your feature request related to a problem? Please describe.
I'm running the AWS Mountpoint S3 CSI driver in a non-EKS cluster and am trying to eliminate static AWS keys for the CSI driver. Looking through the code it seems that a limited subset of AWS's credential providers are supported.
Describe the solution you'd like in detail
I'd like the S3 CSI driver to either directly support IAM Roles Anywhere or to have the AWS S3 CSI driver use the standard Go AWS SDK to support the default credential provider chain.
Describe alternatives you've considered
We can't use IRSA since we can't run EKS, and the other auth methods available don't work for us including permitting every node in the cluster to assume the CSI driver's role via instance profiles.
Additional context
IAM Roles Anywhere works by injecting a sidecar container that's trusted by IAM through a trust anchor. You then override AWS_EC2_METADATA_SERVICE_ENDPOINT on your target container(s) to point to your sidecar container, which provides temporary credentials for a configured role. This is the method we used with the controller, mountpoint and daemonset pods, but we found that they didn't respect the AWS EC2 metadata service endpoint environment variable.
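As an added example (not the driver's code), this Go snippet shows the endpoint resolution the issue asks the driver to honour and a credential fetch against it, with a freshness check on what comes back. It assumes the sidecar serves the same path layout as the EC2 metadata service; the role name and the endpoint paths are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"
)

// Credentials mirrors the JSON document an IMDS-compatible endpoint serves for a role.
type Credentials struct {
	AccessKeyID     string    `json:"AccessKeyId"`
	SecretAccessKey string    `json:"SecretAccessKey"`
	Token           string    `json:"Token"`
	Expiration      time.Time `json:"Expiration"`
}

// metadataEndpoint honours the override the issue relies on: if AWS_EC2_METADATA_SERVICE_ENDPOINT
// is set, credentials come from the sidecar at that address, not the link-local IMDS address.
func metadataEndpoint() string {
	if ep := os.Getenv("AWS_EC2_METADATA_SERVICE_ENDPOINT"); ep != "" {
		return strings.TrimRight(ep, "/")
	}
	return "http://169.254.169.254"
}

// fetchCredentials retrieves the credential document for role from the resolved endpoint
// (IMDS path layout assumed) and rejects an already-expired document so a stale
// sidecar response is never handed to a mount.
func fetchCredentials(client *http.Client, role string) (*Credentials, error) {
	url := metadataEndpoint() + "/latest/meta-data/iam/security-credentials/" + role
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%s: HTTP %d", url, resp.StatusCode)
	}
	var c Credentials
	if err := json.NewDecoder(resp.Body).Decode(&c); err != nil {
		return nil, fmt.Errorf("%s: bad credential document: %w", url, err)
	}
	if !c.Expiration.After(time.Now()) {
		return nil, fmt.Errorf("%s: credentials expired at %s", url, c.Expiration)
	}
	return &c, nil
}
```

Pointing AWS_EC2_METADATA_SERVICE_ENDPOINT at a local test server is enough to exercise the override path without any real IMDS or sidecar present.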