S3 CRT Client not using IAM role for the EKS/Kubernetes service account

[singhbaljit]

Describe the bug

The S3 CRT client does not use the IAM role attached to the service account in Kubernetes. I'm building the client with default credentials provider chain. Instead, it tries to use the role of the EKS/Kubernetes node. I do have the STS module on the the classpath. Other SDK clients are correctly use the IAM role. Even the Netty-based async client works with the role.

Expected Behavior

The CRT based client use the default credentials provider chain correctly, and use the IAM role for the container.

Current Behavior

It tries to use the role of the Kubernetes node. I see authentication error where it points to the node role not having the correct IAM actions. Those actions only exists on the container IAM role.

Reproduction Steps

1. Create a standard CRT client
2. Deploy to a container, and attach IAM role to the service account for the container.
3. Make a request to upload/download with the CRT client.

Possible Solution

It should use the IAM role for the container.

Additional Information/Context

No response

AWS Java SDK version used

2.20.162, 0.27.3 (CRT)

JDK version used

Corretto 17.0.8

Operating System and version

Amazon Linux 2023

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[cbui]

@singhbaljit did you find a solution for this?

[singhbaljit]

@cbui This issue was opened incorrectly. I found the root cause: #4583