Load Data from S3 Without Static Credentials

A new feature has been introduced that allows customers to configure access to Amazon S3 pipelines without relying on long-lived static credentials, enhancing security and simplifying the setup process for AWS-based workspace groups. This feature eliminates the need for managing AWS access keys by utilizing AWS-native identity controls, specifically through the use of Cloud Workload Identity and IRSA (IAM Roles for Service Accounts), which facilitates secure cloud access. The integration allows workspace workloads to assume customer-provided IAM roles with necessary permissions, thanks to a streamlined setup that supports up to 20 delegated entities per workspace group. This approach reduces the risk of secret exposure and aligns with best practices for AWS identity management. New endpoints in the Management API and a UI component have been introduced to automate or programmatically configure the process, enabling a more secure and maintainable pipeline setup with automatic use of short-lived AWS tokens and improved cross-account S3 access.