cockroachdb / cockroach

CockroachDB - the open source, cloud-native distributed SQL database.
https://www.cockroachlabs.com

Feature: remove requirement to specify cluster's internal IAM role name #126672

Open ecordell opened 4 days ago

ecordell commented 4 days ago

Is your feature request related to a problem? Please describe.

When using workload identity to back up a database to S3, you have to specify two roles: the Cockroach-managed role and the customer-controlled role to assume:

From docs here: https://www.cockroachlabs.com/docs/v24.1/cloud-storage-authentication#run-the-operation-from-a-cockroachdb-dedicated-cluster:

BACKUP DATABASE {database} INTO 's3://{bucket name}/{path}?AUTH=implicit&ASSUME_ROLE=arn:aws:iam::{AWS account ID}:role/crl-dr-store-user-{cluster ID suffix},arn:aws:iam::{account ID}:role/{operation role name}' AS OF SYSTEM TIME '-10s';

Describe the solution you'd like

I'd like to omit the Cockroach-controlled role and just specify:

BACKUP DATABASE {database} INTO 's3://{bucket name}/{path}?AUTH=implicit&ASSUME_ROLE=arn:aws:iam::{account ID}:role/{operation role name}' AS OF SYSTEM TIME '-10s';

so that I don't have to query the Cockroach Cloud API and manually construct a role name.

Jira issue: CRDB-40057
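The two-role `ASSUME_ROLE` form above is an AWS role chain: the cluster's own identity assumes the first listed role, which in turn assumes the next. Whether a chain actually works is decided by the trust policy of each target role, not by the `BACKUP` statement. The following is an added example (not CockroachDB code and not from the issue author) that parses the `ASSUME_ROLE` list out of a backup URI and walks it against a set of IAM trust policies to report which hop would be refused, and flags a target that trusts any principal. Every ARN, account ID and trust-policy document in it is constructed for the example; in particular it assumes, as the linked docs describe, that the customer's operation role trusts the cluster-specific `crl-dr-store-user-*` role rather than the cluster's raw identity, which is why dropping that role from the chain (the form requested above) fails the check unless the service inserts the hop itself.

```python
"""Check an ASSUME_ROLE chain in a CockroachDB cloud-storage URI against IAM trust policies.

Added example, not CockroachDB code. Assumed chain semantics: the caller
identity assumes the first ARN in the comma-separated list, that role assumes
the second, and so on. All ARNs and policies here are constructed samples.
"""
import re
from urllib.parse import parse_qs, urlsplit

# IAM role ARN: 12-digit account ID, then role/ plus an optional path and name.
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=.@/-]+)$")

# Constructed identities (hypothetical account IDs and role names).
CLUSTER_IDENTITY = "arn:aws:iam::222222222222:role/cluster-node-identity"
CRL_ROLE = "arn:aws:iam::222222222222:role/crl-dr-store-user-abcdef"
CUSTOMER_ROLE = "arn:aws:iam::111111111111:role/backup-writer"

# Constructed trust policies keyed by the ARN of the role they belong to.
TRUST_POLICIES = {
    CRL_ROLE: {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": CLUSTER_IDENTITY},
         "Action": "sts:AssumeRole"}]},
    CUSTOMER_ROLE: {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": [CRL_ROLE]},
         "Action": ["sts:AssumeRole"]}]},
}

# The two-role form from the issue and the shortened form it asks for.
URI_TWO_HOPS = f"s3://bkt/path?AUTH=implicit&ASSUME_ROLE={CRL_ROLE},{CUSTOMER_ROLE}"
URI_ONE_HOP = f"s3://bkt/path?AUTH=implicit&ASSUME_ROLE={CUSTOMER_ROLE}"


def parse_assume_role_chain(uri: str) -> list[str]:
    """Return the ordered role ARNs from the URI's ASSUME_ROLE parameter."""
    params = parse_qs(urlsplit(uri).query)
    raw = params.get("ASSUME_ROLE", [""])[0]
    arns = [a.strip() for a in raw.split(",") if a.strip()]
    for arn in arns:
        if not ARN_RE.match(arn):
            raise ValueError(f"malformed role ARN: {arn}")
    return arns


def trusted_principals(policy: dict) -> set[str]:
    """Collect the AWS principals an Allow/sts:AssumeRole statement names ('*' if wildcard)."""
    out: set[str] = set()
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            out.add("*")
            continue
        aws = principal.get("AWS", [])
        out.update([aws] if isinstance(aws, str) else aws)
    return out


def check_chain(uri: str, trust_policies: dict, caller: str) -> list[str]:
    """Walk the chain hop by hop; return the problems found (empty list means OK)."""
    problems: list[str] = []
    for target in parse_assume_role_chain(uri):
        policy = trust_policies.get(target)
        if policy is None:
            problems.append(f"{target}: no trust policy available")
        else:
            trusted = trusted_principals(policy)
            if "*" in trusted:
                # Least-privilege failure: any AWS principal could assume this role.
                problems.append(f"{target}: trust policy allows any principal")
            elif caller not in trusted:
                problems.append(f"{target}: does not trust {caller}")
        caller = target  # the next hop is made as the role just assumed
    return problems


if __name__ == "__main__":
    for uri in (URI_TWO_HOPS, URI_ONE_HOP):
        print(uri, "->", check_chain(uri, TRUST_POLICIES, CLUSTER_IDENTITY) or "OK")
```

Run stand-alone, the two-hop URI passes and the one-hop URI reports that `backup-writer` does not trust the cluster identity. If the feature requested here is implemented, the service must insert the cluster-specific role as the first hop internally; operators should still keep their role's trust policy scoped to that single cluster-specific ARN rather than widening it to a wildcard or the whole Cockroach account.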

blathers-crl[bot] commented 4 days ago

Hello, I am Blathers. I am here to help you get the issue triaged.

I have CC'd a few people who may be able to assist you:

If we have not gotten back to your issue within a few business days, you can try the following:

:owl: Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

blathers-crl[bot] commented 4 days ago

cc @cockroachdb/disaster-recovery