[Egress providers - S3 store] Add support for service accounts when running dotnet monitor in kubernetes

Directory.Packages.props

@@ -1,6 +1,7 @@
 <Project>
   <ItemGroup>
     <PackageVersion Include="AWSSDK.S3" Version="$(AwsSdkS3Version)" />
+    <PackageVersion Include="AWSSDK.SecurityToken" Version="$(AwsSdkSecurityTokenVersion)" />
     <PackageVersion Include="Azure.Identity" Version="$(AzureIdentityVersion)" />
     <PackageVersion Include="Azure.Storage.Blobs" Version="$(AzureStorageBlobsVersion)" />
     <PackageVersion Include="Azure.Storage.Queues" Version="$(AzureStorageQueuesVersion)" />

documentation/configuration/egress-configuration.md

@@ -198,6 +198,14 @@ The Queue Message's payload will be the blob name (`<BlobPrefix>/<ArtifactName>`
  ```
 </details>
 
+### Authenticating to S3 using service accounts
+If running workloads in Kubernetes it is common to authenticate with AWS via Kubernetes service accounts ([AWS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html)). This is supported in dotnet monitor if none of: `accessKeyId`, `secretAccessKey`, `awsProfileName` are specified. In this case dotnet monitor will fallback to load credentials to login using AWS default defined environment variables, this means that workloads running in EKS can utilize service accounts as discussed in the above AWS documentation.
+
+Specifically the use of service accounts set the following environment variables which are detected by AWS SDK and used for authentication as a fallback:
+ - AWS_REGION
+ - AWS_ROLE_ARN
+ - AWS_WEB_IDENTITY_TOKEN_FILE
+
 ## Filesystem egress provider
 
 | Name | Type | Description |

eng/Signing.props

@@ -2,6 +2,7 @@
   <ItemGroup>
     <FileSignInfo Include="AWSSDK.Core.dll" CertificateName="3PartySHA2" />
     <FileSignInfo Include="AWSSDK.S3.dll" CertificateName="3PartySHA2" />
+    <FileSignInfo Include="AWSSDK.SecurityToken.dll" CertificateName="3PartySHA2" />
     <FileSignInfo Include="Newtonsoft.Json.dll" CertificateName="3PartySHA2" />
     <FileSignInfo Include="Newtonsoft.Json.Bson.dll" CertificateName="3PartySHA2" />
     <FileSignInfo Include="Swashbuckle.AspNetCore.Swagger.dll" CertificateName="3PartySHA2" />

eng/dependabot/independent/Packages.props

@@ -19,5 +19,6 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="$(SwashbuckleAspNetCoreVersion)" />
     <PackageReference Include="Moq" Version="$(MoqVersion)" />
     <PackageReference Include="AWSSDK.S3" Version="$(AwsSdkS3Version)" />
+    <PackageReference Include="AWSSDK.SecurityToken" Version="$(AwsSdkSecurityTokenVersion)" />
   </ItemGroup>
 </Project>

eng/dependabot/independent/Versions.props

@@ -15,6 +15,7 @@
     <NJsonSchemaVersion>11.0.0</NJsonSchemaVersion>
     <SwashbuckleAspNetCoreVersion>6.5.0</SwashbuckleAspNetCoreVersion>
     <AwsSdkS3Version>3.7.305.7</AwsSdkS3Version>
+    <AwsSdkSecurityTokenVersion>3.7.300.33</AwsSdkSecurityTokenVersion>
 
     <!--
       Moq version & constants derived from Moq.

src/Extensions/S3Storage/S3Storage.csproj

@@ -11,12 +11,13 @@
 
   <ItemGroup>
     <PackageReference Include="AWSSDK.S3" />
+    <PackageReference Include="AWSSDK.SecurityToken" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\Microsoft.Diagnostics.Monitoring.Extension.Common\Microsoft.Diagnostics.Monitoring.Extension.Common.csproj" />
   </ItemGroup>
-  
+
   <ItemGroup>
     <Compile Update="OptionsDisplayStrings.Designer.cs">
       <DependentUpon>OptionsDisplayStrings.resx</DependentUpon>