AWS has recently released a feature to allow PODs in EKS/K8S to assume individual, fine grained roles. This allows certain pods to get IAM credentials to perform work in AWS. The blog post is here:

https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

This requires an update to SDKs because the new SDKs slightly modify the DefaultCredential chain to also look for certain environment variables which point to files that contain enough data to convert the data to IAM credentials.

Currently, configuration-as-code-secret-ssm-plugin specifies it's aws-java-sdk as 1.11.341: https://github.com/jenkinsci/configuration-as-code-secret-ssm-plugin/blob/master/pom.xml#L43

The aforementioned feature requires 1.11.623, ref: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html

If we were to update this sdk, we could use this plugin in jenkins that's running in a K8S or EKS pod without further config.