[ci:component:github.com/gardener/gardener-extension-provider-aws:v1.42.1->v1.43.0]

[gardener-robot-ci-3]

Release Notes:

Added `cloudprovider` webhook part of `gardener-extension-provider-aws` which ensures that the `cloudprovider` secret has the `credentialsFile` field present. The format of this field can be found in [this documentation](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html).

The `cloud-controler-manager` and `csi-driver-controller` deployments now use an AWS credentials file for authentication.

The `csi-snapshot-validation` Service deployed by the provider-aws extension and the provider-aws's `gardener-extension-provider-aws` Service can now be topology-aware (depending on the Seed setting and the Shoot HA failure tolerance type). For more details, see the [Topology-aware Traffic Routing documentation](https://github.com/gardener/gardener/blob/v1.66.0/docs/usage/topology_aware_routing.md).

Fix an issue where `shoot` reconciliation would fail when `sshAccess` was disabled.

Add support for IMDSv2

Adapted extension components to support the [FullNetworkPoliciesInRuntimeCluster](https://github.com/gardener/gardener/blob/master/docs/deployment/feature_gates.md#list-of-feature-gates) feature gate introduced by `gardener/gardener` v1.66, see [here](https://github.com/gardener/gardener/blob/master/docs/concepts/resource-manager.md#networkpolicy-controller) and [#7352](https://github.com/gardener/gardener/pull/7589) for more information.

`csi-driver-node` is annotated with the `wait-for-csi-node` annotation. Gardener uses this to only schedule workload pods to a `Node` once the driver has been successfully registered with the `CSINode` object.

Update TF_VERSION `0.15.5` -> `1.3.9` and update how the local providers are fetched and stored to be compatible with the latest TF specification.

Dropped validation for `KeyName` in `AWSProviderSpec`.

`KeyName` in `AWSProviderSpec` struct has been changed to a `pointer`.

added support to modify instance metadata parameters for a VM through machineClass only during creation. This could be used to enable instance metadatav2 to containerised environment

CVE categorization for mcm-provider-aws has been added.

aws-ebs-csi-driver has been updated `v1.14.1 -> v1.17.0`

cloud-controller-manager has been updated `v1.26.0 -> v1.26.1`

The default VolumeSnapshotClass managed by `provider-aws` does now properly define this VolumeSnapshotClass as default one. Previously there was a typo in the annotation value for `snapshot.storage.kubernetes.io/is-default-class`, hence the VolumeSnapshotClass was never considered as default one by the external-snapshotter and the VolumeSnapshotClass defaulting was never working as expected.
If you already deploy your own default VolumeSnapshotClass, then consider disabling provider-aws's default VolumeSnapshotClass (using the `storage.managedDefaultClass` field in the controlPlaneConfig) as having more than 1 default VolumeSnapshotClass will prevent external-snapshotter to default the `spec.volumeSnapshotClassName` of a VolumeSnapshot.

The stale healthcheck conditions from the extension are now properly cleaned up.

Fix an issue that allows duplicate zones in the infrastructure.

An edge case where all the machineSets were scaled down to zero has been dealt with.

An issue has been fixed which caused undesired `PATCH` requests when updating the state in the `Worker` or `ShootState` resources.

Bump golang.org/x/net from 0.2.0 to 0.7.0

Bump builder image from `golang:1.19.5` to `golang:1.20.2`

The `gardener-extension-admission-aws` Service in the `gardener-extension-admission-aws` chart can now be configured to be topology-aware.

An issue causing provider-aws to wrongly delete the `extensions.gardener.cloud:provider-aws:csi-snapshot-validation` ClusterRole and ClusterRoleBinding from the Seed cluster on every Shoot deletion is now fixed.

[gardener-robot]

@gardener-robot-ci-3 Thank you for your contribution.