Align credentials handling with serverless

[GrahamCampbell]

No description provided.

[Copilot]

Pull request overview

This PR refactors AWS credential resolution and AWS SDK v3 client configuration to align behavior with Serverless-style credential handling, and updates state-related AWS clients to consume the unified client config.

Changes:

• Replace the bespoke AWS provider-chain implementation with a centralized credentials resolver (stage-aware) using @aws-sdk/credential-providers.
• Introduce a shared AWS SDK v3 client config builder (region fallback, retry/maxAttempts mapping, proxy/CA/timeout support) and route existing callers through it.
• Update S3/CloudFormation state utilities and tests to pass stage through and to handle SDK v3 error name-based codes.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
test/unit/src/utils/aws/remote-provider.test.js	Removed tests for deleted custom IMDS/container remote provider.
test/unit/src/utils/aws/get-credential-provider.test.js	Updated to validate forwarding profile + stage to new resolver.
test/unit/src/utils/aws/get-client-config.test.js	Updated to validate client config building via buildClientConfig and explicit credentials passthrough.
test/unit/src/utils/aws/from-node-provider-chain.test.js	Removed tests for deleted custom provider chain wrapper.
test/unit/src/utils/aws/default-provider.test.js	Removed tests for deleted custom chained credential provider.
test/unit/src/utils/aws/credentials.test.js	Added unit tests for new stage-aware credential resolution and implicit-default fallback behavior.
test/unit/src/utils/aws/config.test.js	Added unit tests for new AWS SDK v3 client config builder (retries/region/timeout/proxy/CA/options passthrough).
test/unit/src/state/utils/get-state-bucket-region.test.js	Expanded coverage for SDK v3 name-based errors and stage propagation; expects retryMode passthrough.
test/unit/src/state/utils/get-state-bucket-name.test.js	Added coverage for SDK v3 ValidationError via name and updated client config expectations.
test/unit/src/state/get-s3-state-storage-from-config.test.js	Updated to pass stage through and pass full clientConfig into storage instead of raw credentials.
test/unit/src/state/S3StateStorage.test.js	Added coverage for SDK v3 NoSuchKey via name; updated to expect full clientConfig usage.
src/utils/aws/provider-chain/remote-provider.js	Deleted bespoke remote provider logic.
src/utils/aws/provider-chain/from-node-provider-chain.js	Deleted bespoke node provider chain wrapper.
src/utils/aws/provider-chain/default-provider.js	Deleted bespoke default provider chain implementation.
src/utils/aws/get-credential-provider.js	Switched to ./credentials resolver; signature now forwards { profile, stage }.
src/utils/aws/get-client-config.js	Now builds config via buildClientConfig and resolves credentials only when not explicitly provided.
src/utils/aws/credentials.js	New stage-aware credential resolver with implicit-default detection and fallback logic.
src/utils/aws/config.js	New AWS SDK v3 client config builder (region fallback, retry mapping, proxy/CA/timeout handling).
src/state/utils/get-state-bucket-region.js	Accepts context, propagates stage, and normalizes AWS error code extraction (Code/code/name).
src/state/utils/get-state-bucket-name.js	Propagates stage into CloudFormation client config and normalizes AWS error code extraction.
src/state/get-s3-state-storage-from-config.js	Passes stage to region resolver, builds full AWS client config, and passes it through to S3StateStorage.
src/state/S3StateStorage.js	Accepts full clientConfig for S3 client and treats SDK v3 errors by name as well as Code/code.
package.json	Consolidates credential dependencies into @aws-sdk/credential-providers and adds HTTP handler + proxy agent dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.