vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes
https://velero.io
Apache License 2.0

[velero-plugin-for-aws] Allow use of S3 buckets without credentials #7732

Open ianb-mp opened 2 months ago

ianb-mp commented 2 months ago

Describe the problem/challenge you have

Using velero-plugin-for-aws, there is no way to disable signing of requests to S3. This causes a problem in scenarios where the S3 bucket does not need credentials, i.e. the bucket policy allows access by IP address or VPC endpoint.

Describe the solution you'd like

It would be good if a configuration option to disable signing of requests could be added. AFAIK, this should be possible with the AWS SDK - see: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2@v1.26.1/aws#AnonymousCredentials

Anything else you would like to add:

Environment:


blackpiglet commented 2 months ago
> Using `nil` credentials when configuring an API client will achieve the same result. The AnonymousCredentials type allows you to configure the SDK's external config loading to not attempt to source credentials from the shared config or environment.

Is it possible to use the nil credential to achieve the same result?

kaovilai commented 2 months ago

This would break the current velero CLI downloadrequests as it relies on signedUrls currently.