feat: migrate from aws-sdk-go v1 to v2

[ian-flores]

Summary

• Migrate AWS SDK usage from deprecated aws-sdk-go (v1) to aws-sdk-go-v2
• Replace session-based auth with config-based auth pattern
• Update Secrets Manager client to v2 API

Test plan

• All api/product tests pass
• No remaining v1 references in codebase
• Manual verification in staging environment

Closes #12

[claude]

Claude finished @ian-flores's task —— View job

---

Reviewing PR #50

• Read review guidelines
• Analyze changed files
• Create pending review
• Add inline comments (submitted in review body due to permissions)
• Submit review

Review submitted with feedback on security, code quality, and one suggestion for improved nil handling.

[claude]

AWS SDK v2 Migration Review

Overall this is a clean migration from AWS SDK v1 to v2. The changes follow the correct v2 patterns and improve code readability.

Security (Credential Handling)

• ✅ config.LoadDefaultConfig(ctx, ...) correctly passes context and uses the standard credential chain
• ✅ Region configuration properly flows through GetAWSRegion()

Code Quality

api/product/secret.go

• The flattened control flow (early returns instead of nested if-else) is easier to follow
• Suggestion: Consider adding a nil check for valueOutput.SecretString at line 156. The v2 API can return SecretBinary instead of SecretString for binary secrets:

  if valueOutput.SecretString == nil {
      return "", errors.New("secret returned as binary, expected string")
  }

api/product/util.go

• Using const defaultAWSRegion = "us-east-2" instead of endpoints.UsEast2RegionID is a reasonable tradeoff - removes SDK dependency while maintaining backwards compatibility

Dependencies

• ✅ v1 SDK (github.com/aws/aws-sdk-go) and its transitive dependency (go-jmespath) properly removed
• ✅ v2 modules appropriately scoped (only importing what's needed)

Testing

• Test updated to use hardcoded region string instead of SDK constant - maintains test coverage