migrate to github.com/aws/aws-sdk-go-v2

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-28 09:56:36 +01:00 · 2024-01-28 09:56:36 +01:00 · 893d30d938
commit 893d30d938
parent bc53593768
8 changed files with 254 additions and 138 deletions
--- a/18
+++ b/18
@ -10,8 +10,22 @@ github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.3.0/LICENSE,A
 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0
 github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause
 github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE,MIT
-github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.50.5/LICENSE.txt,Apache-2.0
-github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.50.5/internal/sync/singleflight/LICENSE,BSD-3-Clause
+github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.26.6/config/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.16.16/credentials/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.14.11/feature/ec2/imds/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.2.10/internal/configsources/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.5.10/internal/endpoints/v2/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.7.3/internal/ini/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/internal/sync/singleflight/LICENSE,BSD-3-Clause
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.10.4/service/internal/accept-encoding/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.10.10/service/internal/presigned-url/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.37.0/service/route53/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.18.7/service/sso/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.21.7/service/ssooidc/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.26.7/service/sts/LICENSE.txt,Apache-2.0
+github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.19.0/LICENSE,Apache-2.0
+github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.19.0/internal/sync/singleflight/LICENSE,BSD-3-Clause
 github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT
 github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT
 github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT
--- a/cmd/controller/LICENSES
+++ b/cmd/controller/LICENSES
@ -7,8 +7,22 @@ github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e6932135
 github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT
 github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.3.0/LICENSE,Apache-2.0
 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0
-github.com/aws/aws-sdk-go,https://github.com/aws/aws-sdk-go/blob/v1.50.5/LICENSE.txt,Apache-2.0
-github.com/aws/aws-sdk-go/internal/sync/singleflight,https://github.com/aws/aws-sdk-go/blob/v1.50.5/internal/sync/singleflight/LICENSE,BSD-3-Clause
+github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.26.6/config/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.16.16/credentials/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.14.11/feature/ec2/imds/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.2.10/internal/configsources/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.5.10/internal/endpoints/v2/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.7.3/internal/ini/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.24.1/internal/sync/singleflight/LICENSE,BSD-3-Clause
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.10.4/service/internal/accept-encoding/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.10.10/service/internal/presigned-url/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.37.0/service/route53/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.18.7/service/sso/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.21.7/service/ssooidc/LICENSE.txt,Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.26.7/service/sts/LICENSE.txt,Apache-2.0
+github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.19.0/LICENSE,Apache-2.0
+github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.19.0/internal/sync/singleflight/LICENSE,BSD-3-Clause
 github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT
 github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT
 github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT
--- a/cmd/controller/go.mod
+++ b/cmd/controller/go.mod
@ -31,7 +31,20 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/Venafi/vcert/v5 v5.3.0 // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect
-	github.com/aws/aws-sdk-go v1.50.5 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
+	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
--- a/cmd/controller/go.sum
+++ b/cmd/controller/go.sum
@ -22,8 +22,34 @@ github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmai
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
-github.com/aws/aws-sdk-go v1.50.5 h1:H2Aadcgwr7a2aqS6ZwcE+l1mA6ZrTseYCvjw2QLmxIA=
-github.com/aws/aws-sdk-go v1.50.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
+github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
+github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
--- a/go.mod
+++ b/go.mod
@ -12,7 +12,12 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Venafi/vcert/v5 v5.3.0
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
-	github.com/aws/aws-sdk-go v1.50.5
+	github.com/aws/aws-sdk-go-v2 v1.24.1
+	github.com/aws/aws-sdk-go-v2/config v1.26.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
+	github.com/aws/smithy-go v1.19.0
 	github.com/cpu/goacmedns v0.1.1
 	github.com/digitalocean/godo v1.108.0
 	github.com/go-ldap/ldap/v3 v3.4.6
@ -59,6 +64,14 @@ require (
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -28,8 +28,34 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.50.5 h1:H2Aadcgwr7a2aqS6ZwcE+l1mA6ZrTseYCvjw2QLmxIA=
-github.com/aws/aws-sdk-go v1.50.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
+github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
+github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
--- a/pkg/issuer/acme/dns/route53/route53.go
+++ b/pkg/issuer/acme/dns/route53/route53.go
@ -11,6 +11,8 @@ this directory.
 package route53

 import (
+	"context"
+	"errors"
 	"fmt"
 	"strings"
 	"time"
@ -19,14 +21,15 @@ import (

 	"github.com/go-logr/logr"

-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/route53"
-	"github.com/aws/aws-sdk-go/service/sts"
-	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/service/route53"
+	route53types "github.com/aws/aws-sdk-go-v2/service/route53/types"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/smithy-go/middleware"
 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
 )

@ -37,7 +40,7 @@ const (
 // DNSProvider implements the util.ChallengeProvider interface
 type DNSProvider struct {
 	dns01Nameservers []string
-	client           *route53.Route53
+	client           *route53.Client
 	hostedZoneID     string
 	log              logr.Logger

@ -50,27 +53,28 @@ type sessionProvider struct {
 	Ambient         bool
 	Region          string
 	Role            string
-	StsProvider     func(*session.Session) stsiface.STSAPI
+	StsProvider     func(aws.Config) StsClient
 	log             logr.Logger
 	userAgent       string
 }

-func (d *sessionProvider) GetSession() (*session.Session, error) {
+type StsClient interface {
+	AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
+}
+
+func (d *sessionProvider) GetSession() (aws.Config, error) {
 	if d.AccessKeyID == "" && d.SecretAccessKey == "" {
 		if !d.Ambient {
-			return nil, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?")
+			return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?")
 		}
 	} else if d.AccessKeyID == "" || d.SecretAccessKey == "" {
 		// It's always an error to set one of those but not the other
-		return nil, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided")
+		return aws.Config{}, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided")
 	}

 	useAmbientCredentials := d.Ambient && (d.AccessKeyID == "" && d.SecretAccessKey == "")

-	config := aws.NewConfig()
-	sessionOpts := session.Options{
-		Config: *config,
-	}
+	var optFns []func(*config.LoadOptions) error

 	if useAmbientCredentials {
 		d.log.V(logf.DebugLevel).Info("using ambient credentials")
@ -79,49 +83,44 @@ func (d *sessionProvider) GetSession() (*session.Session, error) {
 		// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
 	} else {
 		d.log.V(logf.DebugLevel).Info("not using ambient credentials")
-		sessionOpts.Config.Credentials = credentials.NewStaticCredentials(d.AccessKeyID, d.SecretAccessKey, "")
-		// also disable 'ambient' region sources
-		sessionOpts.SharedConfigState = session.SharedConfigDisable
+		optFns = append(optFns, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, "")))
 	}

-	sess, err := session.NewSessionWithOptions(sessionOpts)
+	cfg, err := config.LoadDefaultConfig(context.TODO(), optFns...)
 	if err != nil {
-		return nil, fmt.Errorf("unable to create aws session: %s", err)
+		return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err)
 	}

 	if d.Role != "" {
 		d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role")
-		stsSvc := d.StsProvider(sess)
-		result, err := stsSvc.AssumeRole(&sts.AssumeRoleInput{
+		stsSvc := d.StsProvider(cfg)
+		result, err := stsSvc.AssumeRole(context.TODO(), &sts.AssumeRoleInput{
 			RoleArn:         aws.String(d.Role),
 			RoleSessionName: aws.String("cert-manager"),
 		})
 		if err != nil {
-			return nil, fmt.Errorf("unable to assume role: %s", err)
+			return aws.Config{}, fmt.Errorf("unable to assume role: %s", err)
 		}

-		creds := credentials.Value{
-			AccessKeyID:     *result.Credentials.AccessKeyId,
-			SecretAccessKey: *result.Credentials.SecretAccessKey,
-			SessionToken:    *result.Credentials.SessionToken,
-		}
-		sessionOpts.Config.Credentials = credentials.NewStaticCredentialsFromCreds(creds)
-
-		sess, err = session.NewSessionWithOptions(sessionOpts)
-		if err != nil {
-			return nil, fmt.Errorf("unable to create aws session: %s", err)
-		}
+		cfg.Credentials = credentials.NewStaticCredentialsProvider(
+			*result.Credentials.AccessKeyId,
+			*result.Credentials.SecretAccessKey,
+			*result.Credentials.SessionToken,
+		)
 	}

 	// If ambient credentials aren't permitted, always set the region, even if to
 	// empty string, to avoid it falling back on the environment.
 	// this has to be set after session is constructed
 	if d.Region != "" || !useAmbientCredentials {
-		sess.Config.WithRegion(d.Region)
+		cfg.Region = d.Region
 	}

-	sess.Handlers.Build.PushBack(request.WithAppendUserAgent(d.userAgent))
-	return sess, nil
+	cfg.APIOptions = append(cfg.APIOptions, func(stack *middleware.Stack) error {
+		return awsmiddleware.AddUserAgentKeyValue("cert-manager", d.userAgent)(stack)
+	})
+
+	return cfg, nil
 }

 func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) (*sessionProvider, error) {
@ -137,8 +136,8 @@ func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambie
 	}, nil
 }

-func defaultSTSProvider(sess *session.Session) stsiface.STSAPI {
-	return sts.New(sess)
+func defaultSTSProvider(cfg aws.Config) StsClient {
+	return sts.NewFromConfig(cfg)
 }

 // NewDNSProvider returns a DNSProvider instance configured for the AWS
@ -154,12 +153,12 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str
 		return nil, err
 	}

-	sess, err := provider.GetSession()
+	cfg, err := provider.GetSession()
 	if err != nil {
 		return nil, err
 	}

-	client := route53.New(sess)
+	client := route53.NewFromConfig(cfg)

 	return &DNSProvider{
 		client:           client,
@ -173,16 +172,16 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str
 // Present creates a TXT record using the specified parameters
 func (r *DNSProvider) Present(domain, fqdn, value string) error {
 	value = `"` + value + `"`
-	return r.changeRecord(route53.ChangeActionUpsert, fqdn, value, route53TTL)
+	return r.changeRecord(route53types.ChangeActionUpsert, fqdn, value, route53TTL)
 }

 // CleanUp removes the TXT record matching the specified parameters
 func (r *DNSProvider) CleanUp(domain, fqdn, value string) error {
 	value = `"` + value + `"`
-	return r.changeRecord(route53.ChangeActionDelete, fqdn, value, route53TTL)
+	return r.changeRecord(route53types.ChangeActionDelete, fqdn, value, route53TTL)
 }

-func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
+func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value string, ttl int) error {
 	hostedZoneID, err := r.getHostedZoneID(fqdn)
 	if err != nil {
 		return fmt.Errorf("failed to determine Route 53 hosted zone ID: %v", err)
@ -191,26 +190,25 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
 	recordSet := newTXTRecordSet(fqdn, value, ttl)
 	reqParams := &route53.ChangeResourceRecordSetsInput{
 		HostedZoneId: aws.String(hostedZoneID),
-		ChangeBatch: &route53.ChangeBatch{
+		ChangeBatch: &route53types.ChangeBatch{
 			Comment: aws.String("Managed by cert-manager"),
-			Changes: []*route53.Change{
+			Changes: []route53types.Change{
 				{
-					Action:            &action,
+					Action:            action,
 					ResourceRecordSet: recordSet,
 				},
 			},
 		},
 	}

-	resp, err := r.client.ChangeResourceRecordSets(reqParams)
+	resp, err := r.client.ChangeResourceRecordSets(context.TODO(), reqParams)
 	if err != nil {
-		if awserr, ok := err.(awserr.Error); ok {
-			if action == route53.ChangeActionDelete && awserr.Code() == route53.ErrCodeInvalidChangeBatch {
-				r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error")
-				// If we try to delete something and get a 'InvalidChangeBatch' that
-				// means it's already deleted, no need to consider it an error.
-				return nil
-			}
+		invalidChangeBatchErr := &route53types.InvalidChangeBatch{}
+		if errors.As(err, &invalidChangeBatchErr) && action == route53types.ChangeActionDelete {
+			r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error")
+			// If we try to delete something and get a 'InvalidChangeBatch' that
+			// means it's already deleted, no need to consider it an error.
+			return nil
 		}
 		return fmt.Errorf("failed to change Route 53 record set: %v", removeReqID(err))

@ -222,11 +220,11 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
 		reqParams := &route53.GetChangeInput{
 			Id: statusID,
 		}
-		resp, err := r.client.GetChange(reqParams)
+		resp, err := r.client.GetChange(context.TODO(), reqParams)
 		if err != nil {
 			return false, fmt.Errorf("failed to query Route 53 change status: %v", removeReqID(err))
 		}
-		if *resp.ChangeInfo.Status == route53.ChangeStatusInsync {
+		if resp.ChangeInfo.Status == route53types.ChangeStatusInsync {
 			return true, nil
 		}
 		return false, nil
@ -247,7 +245,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 	reqParams := &route53.ListHostedZonesByNameInput{
 		DNSName: aws.String(util.UnFqdn(authZone)),
 	}
-	resp, err := r.client.ListHostedZonesByName(reqParams)
+	resp, err := r.client.ListHostedZonesByName(context.TODO(), reqParams)
 	if err != nil {
 		return "", removeReqID(err)
 	}
@ -256,7 +254,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 	var hostedZones []string
 	for _, hostedZone := range resp.HostedZones {
 		// .Name has a trailing dot
-		if !*hostedZone.Config.PrivateZone {
+		if !hostedZone.Config.PrivateZone {
 			zoneToID[*hostedZone.Name] = *hostedZone.Id
 			hostedZones = append(hostedZones, *hostedZone.Name)
 		}
@ -272,21 +270,19 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		return "", fmt.Errorf("zone %s not found in Route 53 for domain %s", authZone, fqdn)
 	}

-	if strings.HasPrefix(hostedZoneID, "/hostedzone/") {
-		hostedZoneID = strings.TrimPrefix(hostedZoneID, "/hostedzone/")
-	}
+	hostedZoneID = strings.TrimPrefix(hostedZoneID, "/hostedzone/")

 	return hostedZoneID, nil
 }

-func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet {
-	return &route53.ResourceRecordSet{
+func newTXTRecordSet(fqdn, value string, ttl int) *route53types.ResourceRecordSet {
+	return &route53types.ResourceRecordSet{
 		Name:             aws.String(fqdn),
-		Type:             aws.String(route53.RRTypeTxt),
+		Type:             route53types.RRTypeTxt,
 		TTL:              aws.Int64(int64(ttl)),
 		MultiValueAnswer: aws.Bool(true),
 		SetIdentifier:    aws.String(value),
-		ResourceRecords: []*route53.ResourceRecord{
+		ResourceRecords: []route53types.ResourceRecord{
 			{Value: aws.String(value)},
 		},
 	}
@ -299,16 +295,10 @@ func newTXTRecordSet(fqdn, value string, ttl int) *route53.ResourceRecordSet {
 // The given error must not be nil. This function must be called everywhere
 // we have a non-nil error coming from an aws-sdk-go func.
 func removeReqID(err error) error {
-	// NOTE(mael): I first tried to unwrap the RequestFailure to get rid of
-	// this request id. But the concrete type requestFailure is private, so
-	// I can't unwrap it. Instead, I recreate a new awserr.baseError. It's
-	// also a awserr.Error except it doesn't have the request id.
-	//
-	// Also note that we do not give the origErr to awserr.New. If we did,
-	// err.Error() would show the origErr, which we don't want since it
-	// contains a request id.
-	if e, ok := err.(awserr.RequestFailure); ok {
-		return awserr.New(e.Code(), e.Message(), nil)
+	responseError := &awshttp.ResponseError{}
+	if errors.As(err, &responseError) {
+		// remove the request id from the error message
+		responseError.RequestID = "<REDACTED>"
 	}
 	return err
 }
--- a/pkg/issuer/acme/dns/route53/route53_test.go
+++ b/pkg/issuer/acme/dns/route53/route53_test.go
@ -9,25 +9,27 @@ this directory.
 package route53

 import (
+	"context"
 	"errors"
 	"fmt"
+	"net/http"
 	"net/http/httptest"
 	"os"
 	"testing"

-	logf "github.com/cert-manager/cert-manager/pkg/logs"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/route53"
-	"github.com/aws/aws-sdk-go/service/sts"
-	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/service/route53"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	ststypes "github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
+	logf "github.com/cert-manager/cert-manager/pkg/logs"
 )

 var (
@ -49,18 +51,23 @@ func restoreRoute53Env() {
 }

 func makeRoute53Provider(ts *httptest.Server) (*DNSProvider, error) {
-	config := &aws.Config{
-		Credentials: credentials.NewStaticCredentials("abc", "123", " "),
-		Endpoint:    aws.String(ts.URL),
-		Region:      aws.String("mock-region"),
-		MaxRetries:  aws.Int(1),
-	}
-
-	sess, err := session.NewSession(config)
+	cfg, err := config.LoadDefaultConfig(
+		context.TODO(),
+		config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider("abc", "123", " ")),
+		config.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+			return aws.Endpoint{
+				URL: ts.URL,
+			}, nil
+		})),
+		config.WithRegion("mock-region"),
+		config.WithRetryMaxAttempts(1),
+		config.WithHTTPClient(ts.Client()),
+	)
 	if err != nil {
 		return nil, err
 	}
-	client := route53.New(sess)
+
+	client := route53.NewFromConfig(cfg)
 	return &DNSProvider{client: client, dns01Nameservers: util.RecursiveNameservers}, nil
 }

@ -73,9 +80,10 @@ func TestAmbientCredentialsFromEnv(t *testing.T) {
 	provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test")
 	assert.NoError(t, err, "Expected no error constructing DNSProvider")

-	_, err = provider.client.Config.Credentials.Get()
+	_, err = provider.client.Options().Credentials.Retrieve(context.TODO())
 	assert.NoError(t, err, "Expected credentials to be set from environment")
-	assert.Equal(t, provider.client.Config.Region, aws.String("us-east-1"))
+
+	assert.Equal(t, provider.client.Options().Region, "us-east-1")
 }

 func TestNoCredentialsFromEnv(t *testing.T) {
@ -95,7 +103,7 @@ func TestAmbientRegionFromEnv(t *testing.T) {
 	provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test")
 	assert.NoError(t, err, "Expected no error constructing DNSProvider")

-	assert.Equal(t, "us-east-1", *provider.client.Config.Region, "Expected Region to be set from environment")
+	assert.Equal(t, "us-east-1", provider.client.Options().Region, "Expected Region to be set from environment")
 }

 func TestNoRegionFromEnv(t *testing.T) {
@ -105,16 +113,16 @@ func TestNoRegionFromEnv(t *testing.T) {
 	provider, err := NewDNSProvider("marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test")
 	assert.NoError(t, err, "Expected no error constructing DNSProvider")

-	assert.Equal(t, "", *provider.client.Config.Region, "Expected Region to not be set from environment")
+	assert.Equal(t, "", provider.client.Options().Region, "Expected Region to not be set from environment")
 }

 func TestRoute53Present(t *testing.T) {
 	mockResponses := MockResponseMap{
-		"/2013-04-01/hostedzonesbyname":         MockResponse{StatusCode: 200, Body: ListHostedZonesByNameResponse},
-		"/2013-04-01/hostedzone/ABCDEFG/rrset/": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse},
-		"/2013-04-01/hostedzone/HIJKLMN/rrset/": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse},
-		"/2013-04-01/change/123456":             MockResponse{StatusCode: 200, Body: GetChangeResponse},
-		"/2013-04-01/hostedzone/OPQRSTU/rrset/": MockResponse{StatusCode: 403, Body: ChangeResourceRecordSets403Response},
+		"/2013-04-01/hostedzonesbyname":        MockResponse{StatusCode: 200, Body: ListHostedZonesByNameResponse},
+		"/2013-04-01/hostedzone/ABCDEFG/rrset": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse},
+		"/2013-04-01/hostedzone/HIJKLMN/rrset": MockResponse{StatusCode: 200, Body: ChangeResourceRecordSetsResponse},
+		"/2013-04-01/change/123456":            MockResponse{StatusCode: 200, Body: GetChangeResponse},
+		"/2013-04-01/hostedzone/OPQRSTU/rrset": MockResponse{StatusCode: 403, Body: ChangeResourceRecordSets403Response},
 	}

 	ts := newMockServer(t, mockResponses)
@ -146,11 +154,11 @@ func TestRoute53Present(t *testing.T) {
 	// request which causes spurious challenge updates.
 	err = provider.Present("bar.example.com", "bar.example.com.", keyAuth)
 	require.Error(t, err, "Expected Present to return an error")
-	assert.Equal(t, `failed to change Route 53 record set: AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error())
+	assert.Equal(t, `failed to change Route 53 record set: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 403, RequestID: <REDACTED>, api error AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error())
 }

 func TestAssumeRole(t *testing.T) {
-	creds := &sts.Credentials{
+	creds := &ststypes.Credentials{
 		AccessKeyId:     aws.String("foo"),
 		SecretAccessKey: aws.String("bar"),
 		SessionToken:    aws.String("my-token"),
@ -160,7 +168,7 @@ func TestAssumeRole(t *testing.T) {
 		ambient   bool
 		role      string
 		expErr    bool
-		expCreds  *sts.Credentials
+		expCreds  *ststypes.Credentials
 		expRegion string
 		key       string
 		secret    string
@ -178,7 +186,7 @@ func TestAssumeRole(t *testing.T) {
 			expCreds:  creds,
 			expRegion: "",
 			mockSTS: &mockSTS{
-				AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+				AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
 					return &sts.AssumeRoleOutput{
 						Credentials: creds,
 					}, nil
@ -195,7 +203,7 @@ func TestAssumeRole(t *testing.T) {
 			expErr:   false,
 			expCreds: creds,
 			mockSTS: &mockSTS{
-				AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+				AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
 					return &sts.AssumeRoleOutput{
 						Credentials: creds,
 					}, nil
@ -210,12 +218,12 @@ func TestAssumeRole(t *testing.T) {
 			secret:  "my-explicit-secret",
 			region:  "eu-central-1",
 			expErr:  false,
-			expCreds: &sts.Credentials{
+			expCreds: &ststypes.Credentials{
 				AccessKeyId:     aws.String("my-explicit-key"),    // from <key> above
 				SecretAccessKey: aws.String("my-explicit-secret"), // from <secret> above
 			},
 			mockSTS: &mockSTS{
-				AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+				AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
 					return &sts.AssumeRoleOutput{
 						Credentials: creds,
 					}, nil
@ -233,7 +241,7 @@ func TestAssumeRole(t *testing.T) {
 			expErr:   true,
 			expCreds: nil,
 			mockSTS: &mockSTS{
-				AssumeRoleFn: func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+				AssumeRoleFn: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
 					return nil, fmt.Errorf("error assuming mock role")
 				},
 			},
@ -242,40 +250,43 @@ func TestAssumeRole(t *testing.T) {

 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-			provider, err := makeMockSessionProvider(func(sess *session.Session) stsiface.STSAPI {
+			provider, err := makeMockSessionProvider(func(aws.Config) StsClient {
 				return c.mockSTS
 			}, c.key, c.secret, c.region, c.role, c.ambient)
 			assert.NoError(t, err)
-			sess, err := provider.GetSession()
+			cfg, err := provider.GetSession()
 			if c.expErr {
 				assert.NotNil(t, err)
 			} else {
-				sessCreds, _ := sess.Config.Credentials.Get()
+				sessCreds, _ := cfg.Credentials.Retrieve(context.TODO())
 				assert.Equal(t, c.mockSTS.assumedRole, c.role)
 				assert.Equal(t, *c.expCreds.SecretAccessKey, sessCreds.SecretAccessKey)
 				assert.Equal(t, *c.expCreds.AccessKeyId, sessCreds.AccessKeyID)
-				assert.Equal(t, c.region, *sess.Config.Region)
+				assert.Equal(t, c.region, cfg.Region)
 			}
 		})
 	}
 }

 type mockSTS struct {
-	*sts.STS
-	AssumeRoleFn func(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+	AssumeRoleFn func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
 	assumedRole  string
 }

-func (m *mockSTS) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+func (m *mockSTS) AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
 	if m.AssumeRoleFn != nil {
-		m.assumedRole = *input.RoleArn
-		return m.AssumeRoleFn(input)
+		m.assumedRole = *params.RoleArn
+		return m.AssumeRoleFn(ctx, params, optFns...)
 	}

 	return nil, nil
 }

-func makeMockSessionProvider(defaultSTSProvider func(sess *session.Session) stsiface.STSAPI, accessKeyID, secretAccessKey, region, role string, ambient bool) (*sessionProvider, error) {
+func makeMockSessionProvider(
+	defaultSTSProvider func(aws.Config) StsClient,
+	accessKeyID, secretAccessKey, region, role string,
+	ambient bool,
+) (*sessionProvider, error) {
 	return &sessionProvider{
 		AccessKeyID:     accessKeyID,
 		SecretAccessKey: secretAccessKey,
@ -288,20 +299,29 @@ func makeMockSessionProvider(defaultSTSProvider func(sess *session.Session) stsi
 }

 func Test_removeReqID(t *testing.T) {
+	newResponseError := func() *smithyhttp.ResponseError {
+		return &smithyhttp.ResponseError{
+			Err: errors.New("foo"),
+			Response: &smithyhttp.Response{
+				Response: &http.Response{},
+			},
+		}
+	}
+
 	tests := []struct {
 		name    string
 		err     error
 		wantErr error
 	}{
 		{
-			name:    "should remove the request id and the origin error",
-			err:     awserr.NewRequestFailure(awserr.New("foo", "bar", nil), 400, "SOMEREQUESTID"),
-			wantErr: awserr.New("foo", "bar", nil),
+			name:    "should replace the request id with a static value to keep the message stable",
+			err:     &awshttp.ResponseError{RequestID: "SOMEREQUESTID", ResponseError: newResponseError()},
+			wantErr: &awshttp.ResponseError{RequestID: "<REDACTED>", ResponseError: newResponseError()},
 		},
 		{
 			name:    "should do nothing if no request id is set",
-			err:     awserr.New("foo", "bar", nil),
-			wantErr: awserr.New("foo", "bar", nil),
+			err:     newResponseError(),
+			wantErr: newResponseError(),
 		},
 		{
 			name:    "should do nothing if the error is not an aws error",