fix: add STS dependency for IRSA credential resolution in EKS (#98)

lidiams96 · claude · web-flow · commit 407bb4f5ce36 · 2026-02-17T16:24:42.000+02:00
The BedrockProvider uses the AWS SDK DefaultCredentialsProvider chain,
which requires the STS module on the classpath to perform
AssumeRoleWithWebIdentity. Without it, the credential chain silently
skips IRSA and falls back to EC2 instance metadata, causing the
plugin to use the EKS node role instead of the pod's service account
IAM role.

Co-authored-by: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/pom.xml b/pom.xml
@@ -230,5 +230,14 @@
       </exclusions>
     </dependency>
 
+    <!-- Required for IRSA (IAM Roles for Service Accounts) in EKS environments.
+         Without this, DefaultCredentialsProvider cannot perform AssumeRoleWithWebIdentity
+         and falls back to EC2 instance metadata (node role). -->
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sts</artifactId>
+      <version>2.33.5</version>
+    </dependency>
+
   </dependencies>
 </project>
