Unable to create `ClusterSecretStore` in AWS in the `ap-southeast-7` ( new region )

[peepeepopapapeepeepo]

Describe the bug
Unable to create ClusterSecretStore in AWS in the ap-southeast-7 region.

To Reproduce
Steps to reproduce the behavior:

1. deploy external-secrets with helm using terraform:

   module "external_secrets" {
     source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.32.1//modules/kubernetes-addons/external-secrets"
   
     helm_config = {
       version = "0.12.1"
     }
   
     addon_context = var.addon_context
   }

2. create ClusterSecretStore:

   apiVersion: external-secrets.io/v1beta1
   kind: ClusterSecretStore
   metadata:
     name: "cluster-secret-store"
   spec:
     provider:
       aws:
         service: SecretsManager
         region: ap-southeast-7
         auth:
           jwt:
             serviceAccountRef:
               name: "external-secrets-sa"
               namespace: "external-secrets"

   Got this error:

   Error from server (Forbidden): error when creating "STDIN": admission webhook "validate.clustersecretstore.external-secrets.io" denied the request: region not found: ap-southeast-7

Expected behavior
ClusterSecretStore should be created in ap-southeast-7 which is the new region

Screenshots
NA

Additional context

• AWS Thailand region was launched on Jan 7th, 2025
• aws-sdk-go-v2 have just supported ap-southeast-7 since Release (2025-01-08)

[Skarlso]

Hello.

This means that the user you are using doesn't have access to that region. We do an endpoints check when creating the secret store. Check if the service account and the related iam policies allow listing that region.

[Skarlso]

Oh wait. AWS SDK v1 doesn't support this region? We aren't using sdk v2.

[Skarlso]

I guess, we should update the SDK. That's a massive undertaking though. But we need to do it at some point

[gusfcarvalho]

we will likely bounty #4310. Anyone interested please manifest over #external-secrets-dev Kubernetes Slack Channel 😄

[lucklove]

Same with me but with ap-southeast-5.

[175009]

Do you have an ETA for the release?

[gusfcarvalho]

Do you have an ETA for the release?

No ETAs 😄, this is a community driven project. You can always contribute to the v2 sdk switch if you really need this.

Alternatively, if you are using this for business purposes and lack the skills to contribute - you can ask your company to:

• hire maintainers / OSS Consultants to do that for your org as this is a requirement from your org
• Use an enterprise supported version (e.g. from https://externalsecrets.com or from https://redhat.com) and actually get SLAs and ETAs (better than having a business depending on 'whenever the community members feel like doing it').

[Skarlso]

There is an ongoing pr here: #4484

It's up to the fantastic work of @Ilhan-Personal. For which we are grateful.

[Skarlso]

FYI: The relating upgrade has been merged. It's not released yet, thought.