Conversation

YakDriver (Member)

@YakDriver YakDriver commented Sep 3, 2025

Closes #509
Supersedes #467

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

Description

This PR migrates go-getter from aws-sdk-go v1 → aws-sdk-go-v2, and updates AWS domain handling to support all partitions instead of hardcoding the commercial partition.

Motivation

  • End of support for v1: AWS officially ended support for aws-sdk-go v1 on July 31, 2025. Continuing to depend on v1 risks unpatched bugs, incompatibility with future AWS services, and missing security updates. Migrating to v2 ensures long-term compatibility and access to current APIs.
  • Partition awareness: The existing implementation assumes the AWS commercial partition by checking only for ".amazonaws.com". This prevents usage in GovCloud, China, isolated, and custom partitions. By iterating through endpoints.DefaultPartitions(), the new code dynamically detects the correct DNS suffix, enabling broader compatibility.

Description of Changes

  • Replaced all imports and usage of github.com/aws/aws-sdk-go v1 with github.com/aws/aws-sdk-go-v2 equivalents, including configuration and service clients.
  • Updated AWS domain detection logic:
    var awsDomain *string
    for _, partition := range endpoints.DefaultPartitions() {
        if strings.HasSuffix(u.Host, partition.DNSSuffix()) {
            awsDomain = aws.String(partition.DNSSuffix())
            break
        }
    }
    
    if awsDomain != nil {
        // proceed with AWS-specific logic
    }
  • This replaces the previous strings.HasSuffix(u.Host, ".amazonaws.com") check.
  • Ensured go.mod and go.sum reflect v2 modules and remove v1.

Security Impact

  • Dependency lifecycle: Migrating from aws-sdk-go v1 (deprecated as of July 31, 2025) to v2 reduces exposure to unpatched vulnerabilities and ensures continued receipt of upstream security fixes.
  • Endpoint validation:
    • Previous logic assumed all valid AWS endpoints ended in .amazonaws.com. This excluded non-commercial partitions, but also oversimplified endpoint validation.
    • New logic checks against endpoints.DefaultPartitions(), which is maintained by AWS. This tightens validation by ensuring hosts must match an official partition DNS suffix before being treated as AWS endpoints.
  • Authentication and credential handling: v2 SDK uses config.LoadDefaultConfig, which centralizes credential resolution (shared config files, environment variables, IAM roles, etc.). This is the recommended and more secure approach compared to v1’s session.NewSession.
  • Confidentiality & integrity: No new storage or transmission of secrets is introduced. All communications remain signed and encrypted per AWS SDK defaults (SigV4 over TLS).
  • Availability: Supporting multiple partitions increases resilience for users operating in restricted environments (e.g., GovCloud, China) by removing the hardcoded commercial partition dependency.

Overall, this change improves security posture by moving to a supported SDK, aligning with AWS best practices for credential resolution, and strengthening endpoint validation. No weakening of authentication, authorization, confidentiality, or integrity controls has been introduced.

@YakDriver YakDriver requested a review from a team as a code owner September 3, 2025 17:47
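The domain check in the description above matches a host against each partition's DNS suffix with a plain strings.HasSuffix. The previous check used ".amazonaws.com" with a leading dot; if the SDK's DNSSuffix() values are bare (amazonaws.com rather than .amazonaws.com), a plain suffix test also accepts look-alike hosts such as bucket.evilamazonaws.com, and it never strips the port that url.URL.Host carries. The following is an added example, not go-getter's code and not the code merged in this PR: it puts a check shaped like the posted snippet next to a label-boundary-aware variant and runs both over constructed hosts. The suffix table is constructed for the example (assumption: real code would take it from the SDK's partition metadata), and the function names naiveAWSDomain and awsDomain are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed table of partition DNS suffixes for this example. Assumption:
// production code takes these from the SDK's partition metadata rather than a
// literal list. The values carry no leading dot, which is what lets a bare
// strings.HasSuffix check accept look-alike hosts.
var partitionDNSSuffixes = []string{
	"amazonaws.com",    // aws, aws-us-gov
	"amazonaws.com.cn", // aws-cn
	"c2s.ic.gov",       // aws-iso
	"sc2s.sgov.gov",    // aws-iso-b
}

// naiveAWSDomain mirrors the shape of the check in the PR description:
// the first partition whose suffix is a plain string suffix of the host wins.
func naiveAWSDomain(host string) (string, bool) {
	for _, suffix := range partitionDNSSuffixes {
		if strings.HasSuffix(host, suffix) {
			return suffix, true
		}
	}
	return "", false
}

// awsDomain is the boundary-aware variant: it normalises case, a trailing
// dot and an explicit port (url.URL.Host keeps "host:port"), then requires
// the suffix to be the whole host or to follow a label separator, so
// "bucket.evilamazonaws.com" is not treated as an AWS endpoint.
func awsDomain(host string) (string, bool) {
	h := strings.ToLower(strings.TrimSuffix(host, "."))
	if hp, _, err := net.SplitHostPort(h); err == nil {
		h = hp
	}
	for _, suffix := range partitionDNSSuffixes {
		if h == suffix || strings.HasSuffix(h, "."+suffix) {
			return suffix, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample hosts: commercial, GovCloud, China with a port,
	// a look-alike domain, and a non-AWS host.
	hosts := []string{
		"s3.us-east-1.amazonaws.com",
		"s3.us-gov-west-1.amazonaws.com",
		"S3.cn-north-1.amazonaws.com.cn:443",
		"bucket.evilamazonaws.com",
		"objects.example.com",
	}
	for _, h := range hosts {
		nd, nok := naiveAWSDomain(h)
		bd, bok := awsDomain(h)
		fmt.Printf("%-38s naive=%-5t %-18q boundary=%-5t %q\n", h, nok, nd, bok, bd)
	}
}
```

Run with go run on the file; the look-alike host is the row where the two columns disagree, and the China host with a port is the row the naive check misses entirely. Whichever suffix source is used, the two properties worth asserting in a test are that a suffix only matches at a label boundary and that the port has been removed before matching.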
@dduzgun-security dduzgun-security (Collaborator) left a comment

LGTM! 👍

@sonamtenzin2 sonamtenzin2 merged commit c52d97c into hashicorp:main Sep 4, 2025
1 check passed
@YakDriver YakDriver deleted the f-domain-suffixes branch September 5, 2025 22:09
@thevilledev thevilledev (Contributor)

Hey! At least hashicorp/packer-plugin-sdk utilises v2 version of this package. Are you planning to cherry-pick this change to the v2 branch?

tgross added a commit to hashicorp/nomad that referenced this pull request Sep 9, 2025
The `go-getter` update in #26713 is not passing tests upstream (apparently hashicorp/go-getter#548 is the origin of the problem but that PR did not ever run tests). The issue being fixed isn't a critical vulnerability, so in the interest of preparing us for the next release, revert the `go-getter` change but keep the Go toolchain update.

We'll skip go-getter 1.8.0 and pick up the next patch version once its issues are fixed.
Reverts commit 8a96929.

Co-authored-by: Tim Gross <[email protected]>
Linked issue (closed by this pull request): Upgrade AWS SDK for Go v1 to v2
5 participants