Description
Problem
The IntegrationSinks for SQS and SNS only support secret-based authentication. The modern, recommended practice is for code to use default credentials and let the container orchestration system inject the credentials (e.g. via pod identity or IAM Roles for Service Accounts).
The underlying kamelets already support this via the `useDefaultCredentialsProvider` property, so it should be just a matter of setting the corresponding environment variable to `true` if no secrets are specified, e.g.
CAMEL_KAMELET_AWS_SNS_SINK_USE_DEFAULT_CREDENTIALS_PROVIDER: true
Event consumer
Exit Criteria
- Configure an IAM role or pod identity for the Service Account that the IntegrationSink deployments run with.
- SNS or SQS sinks use this role via default credentials, i.e. without any explicit key management.
Time Estimate (optional):
- If only providing the option to use default credentials, via the absence of an `aws.auth.secret`: 1 day
- If adding some of the other credential options for AWS authentication, maybe longer as it would involve additional API design for the `aws.auth` field (but honestly, default credentials is probably the dominant use case).
Additional context (optional)
This feature would additionally benefit from being able to specify a ServiceAccount for the IntegrationSink. But as that is not necessary for default credential usage, that is filed as a separate feature request.
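
A check for the exit criteria above, as an added example that is not part of the issue or the project's code: it inspects a sink container's environment and reports whether the default credentials provider is enabled and whether any AWS kamelet variable is still read from a secret. The `EnvVar` type, the `EXAMPLE_KEY` variable name and the `aws-creds` secret name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// EnvVar is a minimal stand-in for a container env entry (hypothetical type,
// not the Kubernetes API struct). FromSecret names the secret when the value
// comes from a secretKeyRef, and is empty otherwise.
type EnvVar struct {
	Name, Value, FromSecret string
}

const (
	awsPrefix     = "CAMEL_KAMELET_AWS_"
	defaultSuffix = "_USE_DEFAULT_CREDENTIALS_PROVIDER"
)

// CheckDefaultCredentials returns the reasons a sink container fails the
// exit criteria; an empty result means it passes.
func CheckDefaultCredentials(env []EnvVar) []string {
	var findings []string
	enabled := false
	for _, e := range env {
		if !strings.HasPrefix(e.Name, awsPrefix) {
			continue // not an AWS kamelet setting
		}
		if strings.HasSuffix(e.Name, defaultSuffix) && strings.EqualFold(e.Value, "true") {
			enabled = true
		}
		// Assumption: a secret-backed AWS kamelet variable is a static key.
		if e.FromSecret != "" {
			findings = append(findings, fmt.Sprintf("%s is read from secret %q", e.Name, e.FromSecret))
		}
	}
	if !enabled {
		findings = append(findings, "default credentials provider is not enabled")
	}
	return findings
}

func main() {
	// Constructed sample: the env this issue asks for when no aws.auth.secret is set.
	ok := []EnvVar{{Name: "CAMEL_KAMELET_AWS_SNS_SINK_USE_DEFAULT_CREDENTIALS_PROVIDER", Value: "true"}}
	// Constructed sample: secret-based auth; variable and secret names are placeholders.
	keyed := []EnvVar{{Name: "CAMEL_KAMELET_AWS_SNS_SINK_EXAMPLE_KEY", FromSecret: "aws-creds"}}
	fmt.Println(CheckDefaultCredentials(ok))
	fmt.Println(CheckDefaultCredentials(keyed))
}
```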