Allow Non-Static AWS Credentials #1204

Open

wants to merge 2 commits into master

Conversation

luna-lightblade

The current AWS credentials configuration requires a static IAM access key and secret. However, the AWS SDK can automatically handle providing credentials from IAM instance roles, as well as through service account tokens using IRSA in Kubernetes.

To allow these auth methods, skip setting the static credentials provider unless static credentials are provided. This allows the other authentication methods to be handled transparently if available.

The downside of this change is that it provides a less clear error message if all authentication methods are entirely missing; however, the ability to use other credential chains is probably worth it.

I've tested this by simulating the container running as a Kubernetes pod using IRSA with the following configuration:

docker run -v ./token:/var/run/sa-token:ro -e AWS_DEFAULT_REGION=us-west-2 -e AWS_REGION=us-west-2 -e AWS_ROLE_ARN=arn:aws:iam::REDACTED:role/REDACTED -e AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/sa-token -e AWS_STS_REGIONAL_ENDPOINTS=regional -e 'DDNSR53_ROUTE53_HOSTEDZONEID=REDACTED' -e 'DDNSR53_ROUTE53_RECORDSSET_0_NAME=REDACTED' -e 'DDNSR53_ROUTE53_RECORDSSET_0_TYPE=A' -e 'DDNSR53_ROUTE53_RECORDSSET_0_TTL=300' -e SCHEDULE='*/30 * * * *' -it ddns-route53:holly
Mon, 06 May 2024 05:49:47 UTC INF Starting ddns-route53 version=v2.12.0-3-g6a69d4c.m
Mon, 06 May 2024 05:49:47 UTC INF Configuration loaded from 4 environment variables
Mon, 06 May 2024 05:49:48 UTC INF Current WAN IPv4: REDACTED
Mon, 06 May 2024 05:49:50 UTC INF 1 record(s) set updated changes={"ChangeInfo":{"Comment":"Updated by ddns-route53 v2.12.0-3-g6a69d4c.m at 2024-05-06 05:49:50","Id":"/change/C10150071THCU7QRC3B8B","Status":"PENDING","SubmittedAt":"2024-05-06T05:49:47.441Z"},"ResultMetadata":{}}
Mon, 06 May 2024 05:49:50 UTC INF Cron initialized with schedule */30 * * * *
Mon, 06 May 2024 05:49:50 UTC INF Next run in 10 minutes (2024-05-06 06:00:00 +0000 UTC)
^CMon, 06 May 2024 05:49:55 UTC WRN Caught signal interrupt

And using static credentials:

docker run -e 'DDNSR53_CREDENTIALS_ACCESSKEYID=REDACTED' -e 'DDNSR53_CREDENTIALS_SECRETACCESSKEY=REDACTED' -e 'DDNSR53_ROUTE53_HOSTEDZONEID=REDACTED' -e 'DDNSR53_ROUTE53_RECORDSSET_0_NAME=REDACTED' -e 'DDNSR53_ROUTE53_RECORDSSET_0_TYPE=A' -e 'DDNSR53_ROUTE53_RECORDSSET_0_TTL=300' -e SCHEDULE='*/30 * * * *' -it ddns-route53:holly
Mon, 06 May 2024 05:55:18 UTC INF Starting ddns-route53 version=v2.12.0-3-g6a69d4c.m
Mon, 06 May 2024 05:55:18 UTC INF Configuration loaded from 6 environment variables
Mon, 06 May 2024 05:55:19 UTC INF Current WAN IPv4: REDACTED
Mon, 06 May 2024 05:55:20 UTC INF 1 record(s) set updated changes={"ChangeInfo":{"Comment":"Updated by ddns-route53 v2.12.0-3-g6a69d4c.m at 2024-05-06 05:55:19","Id":"/change/C0031075VEO58EQZIRRJ","Status":"PENDING","SubmittedAt":"2024-05-06T05:55:17.133Z"},"ResultMetadata":{}}
Mon, 06 May 2024 05:55:20 UTC INF Cron initialized with schedule */30 * * * *
Mon, 06 May 2024 05:55:20 UTC INF Next run in 4 minutes (2024-05-06 06:00:00 +0000 UTC)
^CMon, 06 May 2024 05:55:23 UTC WRN Caught signal interrupt

Also, this is my first time writing go code, so if you have style feedback that is appreciated.

Since these options will not be relevant for most users, they are included as notes on the appropriate pages, rather than being fully explained in documentation. Where relevant, the appropriate AWS documentation has been linked to.
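As an added illustration of the rule described in this PR (not code from ddns-route53 or from this change), the Go helper below installs the static provider only when both values are present, otherwise leaves the SDK default chain in place and names the source it will most likely use, and checks the IRSA token file up front so the "all methods missing" case gets the clearer error the description says is lost; with aws-sdk-go-v2 the caller would append `config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(id, secret, ""))` to the `config.LoadDefaultConfig` options only for `SourceStatic`. The function names, the injected `getenv`, and the sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)
// CredentialSource names how the AWS SDK will end up obtaining credentials.
type CredentialSource string

const (
	SourceStatic      CredentialSource = "static"        // key + secret passed explicitly
	SourceWebIdentity CredentialSource = "web-identity"  // IRSA: AWS_ROLE_ARN + AWS_WEB_IDENTITY_TOKEN_FILE
	SourceDefault     CredentialSource = "default-chain" // env vars, shared profile or instance role (IMDS)
)

var ErrPartialStatic = errors.New("access key id and secret access key must both be set or both be empty")

// ResolveCredentialSource (hypothetical helper) applies the PR's rule: the static
// provider is installed only when both values are present; otherwise the SDK default
// chain is left in place and the likely source is named so a misconfiguration shows
// up before the first API call. getenv is injected to keep the function testable.
func ResolveCredentialSource(accessKeyID, secretAccessKey string, getenv func(string) string) (CredentialSource, error) {
	switch {
	case accessKeyID != "" && secretAccessKey != "":
		return SourceStatic, nil
	case accessKeyID != "" || secretAccessKey != "":
		return "", ErrPartialStatic // half a key pair is a config bug, not a fallthrough
	}
	if getenv("AWS_ROLE_ARN") != "" && getenv("AWS_WEB_IDENTITY_TOKEN_FILE") != "" {
		if err := checkWebIdentityToken(getenv("AWS_WEB_IDENTITY_TOKEN_FILE")); err != nil {
			return "", err
		}
		return SourceWebIdentity, nil
	}
	return SourceDefault, nil
}

// checkWebIdentityToken fails early, with a precise message, if the projected
// service-account token is missing or empty.
func checkWebIdentityToken(path string) error {
	info, err := os.Stat(path)
	if err != nil {
		return fmt.Errorf("web identity token file %q: %w", path, err)
	}
	if info.Size() == 0 {
		return fmt.Errorf("web identity token file %q is empty", path)
	}
	return nil
}
```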