Each of the deployments come with a workload identity when we create the deployment. I have another iam role in an AWS account that has access to specific secret in secretmanager and to an s3 bucket.
I want the deployment workload identity to do an sts and then access the corresponding AWS resources.
I followed Astronomer’s documentation
Authorize an Astro Deployment to cloud resources using workload identity | Astronomer Documentation . But this doesn’t work. As per the documentation Astronomer deployment workload identity will automatically do as STS, but it doesn’t happen in reality.
Any guidance is appreciated