include aws_signing_helper with amazon/aws-cli image

[gtaws]

Describe the feature

include aws_signing_helper in the image so that customers can adopt IAM Roles Anywhere for authentication and authorization and avoid IAM users.

Use Case

As more and more customers are being on-boarded to AWS, users would need a frictionless path to adopting AWS security best practices, such as discouraging use of IAM users. the amazon/aws-cli image needs to be custom built or custom mount the aws_signing_helper, which forces ownership back to customers just to combine utilities owned by AWS. This is a poor customer experience, and limits adoption of IAM Roles Anywhere. adding this will allow customers to run hybrid environments and workstations that can accelerate AWS development and migrations.

Proposed Solution

build aws_signing_helper and copy into aws-cli image.

Other Information

although I saw the issue that says issues lie on base image owner (Amazon Linux) to resolve lib deps on ARM64, it's not customer obsessed to ask the customers to open individual github issues to resolve AWS coordination issues.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CLI version used

2.24.1

Environment details (OS name and version, etc.)

dietpi 9.10.0 arm64 and amd64

[khushail]

@gtaws , thanks for requesting this. Although this is among the best AWS practices to use temporary security credentials than static ones, and aws_signing_helper provides such temp credentials , I would reach out to internal team to discuss the feasibility of including this one. As this might be a breaking change, will ask them to share insights on this request.

Thanks.