Support standard AWS SDK Credential mechanisms #1
Description
The current implementation (since 6629878) requires the controller to get its credentials from a Secret object. Can you make that a conditional only if the secret is defined, and support the default credential chain? This will allow operators to use standard means like IAM Roles for Service Accounts, secrets as a pod's environment variables. The SDK region should be inferred from the standard configuration points too (env var/config file/IMDS).
It would be really nice to not have to reference a secret to set non-secret values such as the Cert ARN in the provisioner, and just directly state that value.