bring back bed rock auth (#13089)

Signed-off-by: Yuval Kohavi <[email protected]>

Author: yuval-k

api/v1alpha1/agentgateway/agentgateway_policy_types.go

@@ -707,7 +707,7 @@ const (
 	HostnameRewriteModeNone HostnameRewriteMode = "None"
 )
 
-// +kubebuilder:validation:ExactlyOneOf=key;secretRef;passthrough
+// +kubebuilder:validation:ExactlyOneOf=key;secretRef;passthrough;aws
 type BackendAuth struct {
 	// key provides an inline key to use as the value of the Authorization header.
 	// This option is the least secure; usage of a Secret is preferred.
@@ -726,7 +726,21 @@ type BackendAuth struct {
 	// request, the original token would be unchanged, so this would have no effect.
 	// +optional
 	Passthrough *BackendAuthPassthrough `json:"passthrough,omitempty"`
-	// TODO: aws, azure, gcp
+	// TODO: azure, gcp
+
+	// Auth specifies an explicit AWS authentication method for the backend.
+	// When omitted, we will try to use the default AWS SDK authentication methods.
+	//
+	// +optional
+	AWS *AwsAuth `json:"aws,omitempty"`
+}
+
+// AwsAuth specifies the authentication method to use for the backend.
+type AwsAuth struct {
+	// SecretRef references a Kubernetes Secret containing the AWS credentials.
+	// The Secret must have keys "accessKey", "secretKey", and optionally "sessionToken".
+	// +required
+	SecretRef corev1.LocalObjectReference `json:"secretRef"`
 }
 
 type BackendAuthPassthrough struct {

api/v1alpha1/agentgateway/zz_generated.deepcopy.go

@@ -4,7 +4,7 @@ go 1.25.3
 
 require (
 	// Also update AgentgatewayDefaultTag in pkg/deployer/wellknown.go and test/deployer/testdata/*
-	github.com/agentgateway/agentgateway v0.10.6-0.20251203184148-f45f1a94cdfa
+	github.com/agentgateway/agentgateway v0.10.6-0.20251211180119-76b0afc55496
 	github.com/avast/retry-go/v4 v4.3.3
 	github.com/cncf/xds/go v0.0.0-20251110193048-8bfbf64dc13e
 	github.com/envoyproxy/go-control-plane v0.14.0

go.mod

@@ -196,8 +196,8 @@ github.com/PuerkitoBio/goquery v1.10.1 h1:Y8JGYUkXWTGRB6Ars3+j3kN0xg1YqqlwvdTV8W
 github.com/PuerkitoBio/goquery v1.10.1/go.mod h1:IYiHrOMps66ag56LEH7QYDDupKXyo5A8qrjIx3ZtujY=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/agentgateway/agentgateway v0.10.6-0.20251203184148-f45f1a94cdfa h1:PWDaZIBsPpGIo/3PdYRRIrU5kCKC86nkkEZLqTDi5rI=
-github.com/agentgateway/agentgateway v0.10.6-0.20251203184148-f45f1a94cdfa/go.mod h1:/Lzpteag/nnE4bwW/3Dh5GaxuICmCQs40VhQpkTatlk=
+github.com/agentgateway/agentgateway v0.10.6-0.20251211180119-76b0afc55496 h1:A7qJ8Ac6vMHDSqcFDpk/IBfZPjxbH44/78dtsodxiEk=
+github.com/agentgateway/agentgateway v0.10.6-0.20251211180119-76b0afc55496/go.mod h1:/Lzpteag/nnE4bwW/3Dh5GaxuICmCQs40VhQpkTatlk=
 github.com/agnivade/levenshtein v1.2.1 h1:EHBY3UOn1gwdy/VbFwgo4cxecRznFk7fKWN1KOX7eoM=
 github.com/agnivade/levenshtein v1.2.1/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=

go.sum

@@ -3,7 +3,7 @@ Name|Version|License
 [cel.dev/expr](https://cel.dev/expr)|v0.24.0|Apache License 2.0
 [semver/v3](https://github.com/Masterminds/semver)|v3.4.0|MIT License
 [PuerkitoBio/goquery](https://github.com/PuerkitoBio/goquery)|v1.10.1|BSD 3-clause "New" or "Revised" License
-[agentgateway/agentgateway](https://github.com/agentgateway/agentgateway)|v0.10.6-0.20251203184148-f45f1a94cdfa|Apache License 2.0
+[agentgateway/agentgateway](https://github.com/agentgateway/agentgateway)|v0.10.6-0.20251211180119-76b0afc55496|Apache License 2.0
 [anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go)|v1.13.0|MIT License
 [retry-go/v4](https://github.com/avast/retry-go)|v4.3.3|MIT License
 [xds/go](https://github.com/cncf/xds)|v0.0.0-20251110193048-8bfbf64dc13e|Apache License 2.0