rds_exporter doesn't use service account role in AWS GovCloud EKS Cluster
Description
rds_exporter doesn't use the role of the service account when deploying in the AWS EKS. It uses the EKSNodeRole and the following error is logged:
```
ERRO[2023-03-08T20:56:43.534+00:00] ts=2023-03-08T20:56:43.534Z caller=sessions.go:122 level=error component=sessions msg="Failed to get resource IDs." error="AccessDenied: User: arn:aws-us-gov:sts:: *****:assumed-role/******-01-EKSNodeRole-20230217182951101900000001/i-0580a5cf4b2e9b11e is not authorized to perform: rds:DescribeDBInstances on resource: arn:aws-us-gov:rds:us-gov-west-1:*****:db:* because no identity-based policy allows the rds:DescribeDBInstances action\n\tstatus code: 403, request id *****-****-**********" agentID=pmm-server/rds component=agent-process type=rds_exporter
```
Node uses the following role (eks-rds):
```
[root@pmm-0 opt]# aws sts get-caller-identity
{
    "Account": "***********",
    "UserId": "AROAR7I67PE2QCQJYKWUC:botocore-session-1678308909",
    "Arn": "arn:aws-us-gov:sts::*****:assumed-role/eks-rds/botocore-session-1678308909"
}
```
Expected Results
It should use the service account Role
Actual Results
It uses the Node Role
Version
2.35
Steps to reproduce
No response
Relevant logs
No response
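An added triage example (not part of the original report and not Percona's code): it pulls the assumed-role ARN out of an exporter error line, flags a session named after an EC2 instance ID as instance-profile credentials, and checks a process environment (the format of `/proc/<pid>/environ`) for the two variables the EKS pod identity webhook injects. The function names, the account ID `111122223333`, the node role name and the instance ID are constructed placeholders; `eks-rds` and the session name come from the report.

```python
import re

# Assumed-role ARN as STS prints it; the partition is aws, aws-us-gov or aws-cn.
ARN_RE = re.compile(
    r"arn:(?P<partition>aws[a-z-]*):sts::(?P<account>\d{12}):"
    r"assumed-role/(?P<role>[\w+=,.@-]+)/(?P<session>[\w+=,.@-]+)")
# EC2 instance-profile credentials use the instance ID as the session name.
INSTANCE_ID_RE = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")
# Variables the EKS pod identity webhook injects for a service account role.
IRSA_VARS = ("AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE")

def parse_environ(raw):
    """Parse the NUL-separated bytes of /proc/<pid>/environ into a dict."""
    pairs = (item.split(b"=", 1) for item in raw.split(b"\0") if b"=" in item)
    return {k.decode(): v.decode() for k, v in pairs}

def classify_identity(text):
    """Describe the first assumed-role ARN found in a log line or CLI output."""
    m = ARN_RE.search(text)
    if m is None:
        return None
    info = m.groupdict()
    info["source"] = ("instance-profile"
                      if INSTANCE_ID_RE.fullmatch(info["session"]) else "other")
    return info

def diagnose(log_line, env, expected_role):
    """Return findings about which credentials a process actually used."""
    findings = [f"{v} is not set in the process environment"
                for v in IRSA_VARS if not env.get(v)]
    ident = classify_identity(log_line)
    if ident is None:
        return findings + ["no assumed-role ARN in the log line"]
    if ident["source"] == "instance-profile":
        findings.append(f"calls were signed with instance-profile role "
                        f"{ident['role']} (session {ident['session']})")
    if ident["role"] != expected_role:
        findings.append(f"expected role {expected_role}, saw {ident['role']}")
    return findings

# Constructed samples: account ID, node role name and instance ID are placeholders.
LOG = ('level=error msg="Failed to get resource IDs." error="AccessDenied: User: '
       'arn:aws-us-gov:sts::111122223333:assumed-role/example-EKSNodeRole/'
       'i-0123456789abcdef0 is not authorized to perform: rds:DescribeDBInstances"')
CLI = "arn:aws-us-gov:sts::111122223333:assumed-role/eks-rds/botocore-session-1678308909"
ENV = parse_environ(b"AWS_ROLE_ARN=arn:aws-us-gov:iam::111122223333:role/eks-rds\0"
                    b"AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token\0")

if __name__ == "__main__":
    print("\n".join(diagnose(LOG, ENV, "eks-rds")))
```

Feeding it the environment of the exporter process itself, rather than that of an interactive shell in the pod, shows whether the two variables reach the process that produced the error.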
Hey @prabinsh, thank you for bringing this issue to our attention in the community. We appreciate your effort in reporting it. I have created a ticket (PMM-11779) for our team to investigate and verify this bug. If our engineers can reproduce it, we will prioritize fixing it as soon as possible. During the verification process, we may need to reach out to you for additional information. Thank you for your patience while we work to resolve this issue.