Description
Currently, the cloudformation-cli-go-plugin provides AWS credentials via handler.Request.Session, which is an AWS SDK v1 session (*session.Session from github.com/aws/aws-sdk-go). AWS SDK for Go v1 has reached end-of-life.
As the Go ecosystem migrates to AWS SDK v2 (github.com/aws/aws-sdk-go-v2), resource providers need to maintain both SDK versions or implement credential bridging workarounds to use SDK v2 clients.
Current Workaround
To use AWS SDK v2 services in CloudFormation resource handlers, we currently have to bridge credentials from the SDK v1 session:
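```go
import (
	"context"

	"github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
	"github.com/aws/aws-sdk-go-v2/aws"
)

// awsConfigFromHandlerRequest builds an SDK v2 aws.Config from the SDK v1
// session that the plugin attaches to the handler request.
func awsConfigFromHandlerRequest(req *handler.Request) aws.Config {
	return aws.Config{
		// The v1 session stores the region as *string; aws.ToString dereferences it.
		Region: aws.ToString(req.Session.Config.Region),
		// Resolve credentials from the v1 session whenever the v2 client asks for them.
		Credentials: aws.CredentialsProviderFunc(func(ctx context.Context) (aws.Credentials, error) {
			v1Creds, err := req.Session.Config.Credentials.Get()
			if err != nil {
				return aws.Credentials{}, err
			}
			// Copy the three credential fields across unchanged.
			return aws.Credentials{
				AccessKeyID:     v1Creds.AccessKeyID,
				SecretAccessKey: v1Creds.SecretAccessKey,
				SessionToken:    v1Creds.SessionToken,
			}, nil
		}),
	}
}
```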
Questions:
- Are there any plans to add native AWS SDK v2 support? Is there a timeline for this migration? AWS SDK v1 has EOL'd, and SDK v2 is the recommended path forward.
- Is the credential bridging approach above the recommended workaround? Or is there a better pattern you'd suggest for resource providers migrating to SDK v2?