simplest resolution would be to add a new configuration to configure the required "assume-role-with-web-identity" call and then use the produced aws credentials for the remainder of the pulumi stack deployment.
Thanks for reporting this enhancement request and will be adding this to our backlog. I agree that we might want to improve our overall authorization user journeys within this operator.
Hello!
Issue details
Currently, it seems the operator is not supporting a process that using STS tokens to access aws resource. Like for example described in this article about using a google cloud platform access aws resources
Affected area/feature
simplest resolution would be to add a new configuration to configure the required "assume-role-with-web-identity" call and then use the produced aws credentials for the remainder of the pulumi stack deployment.