Deeper support for AWS Credential sources #1789

Closed
@mattmauriello

Description

Is your feature request related to a problem? Please describe.
We have a significant footprint in AWS, and the AWS Workload Identity Federation is VERY compelling to us, but the feature as implemented today only supports 2 of 11 official credential sources for AWS:
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials

  1. Passing credentials as parameters in the boto3.client() method
  2. Passing credentials as parameters when creating a Session object
  3. Environment variables
  4. Assume role provider
  5. Assume role with web identity provider
  6. AWS IAM Identity Center credential provider
  7. Shared credential file (~/.aws/credentials)
  8. AWS config file (~/.aws/config)
  9. Boto2 config file (/etc/boto.cfg and ~/.boto)
  10. Container credential provider
  11. Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

Describe the solution you'd like
Of the ones listed, #10, the container (Docker: ECS, Fargate, etc...) credential provider is most interesting to us, as most of our workloads are containerized.

Describe alternatives you've considered
As an experiment, I actually made a code modification in auth/aws.py that's fairly simple, but I don't know how good of a practice it is. The AWS libraries, specifically boto3 (which requires botocore), have built-in functions to retrieve the credentials from all the official sources. For example:

  import boto3
  boto3.Session().get_credentials()

returns a credential object. I simply inserted a block at the beginning of the get_aws_security_credentials function that uses that, if boto3 is available.

Patch/Diff:

--- google/auth/aws.py.orig     2025-07-07 16:18:28.503658900 -0400+++ google/auth/aws.py  2025-07-07 16:39:44.508200400 -0400@@ -420,6 +420,18 @@     @_helpers.copy_docstring(AwsSecurityCredentialsSupplier)     def get_aws_security_credentials(self, context, request):+        #see if we can use botos built in code for this. if boto3 is in the+        #environment and can be loaded, use it. otherwise, fallback to googles code+        try:+            import boto3+            botocreds = boto3.Session().get_credentials()+            return AwsSecurityCredentials(+                botocreds.access_key,+                botocreds.secret_key,+                botocreds.token,+            )+        except Exception as e:+            pass         # Check environment variables for permanent credentials first.         # https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
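Review bot: the `except Exception as e: pass` around the boto3 block swallows every failure, and `e` is never used. In particular, `boto3.Session().get_credentials()` returns None when no source is configured, so `botocreds.access_key` raises AttributeError and the function silently falls through to the "Check environment variables for permanent credentials first" path; a container with a broken credential endpoint would then authenticate as whatever identity the env vars or IMDS provide, with no log line. Catch ImportError only around `import boto3`, test the result for None explicitly, and let other errors propagate (or log them). Two further points: because the new block runs before the existing env-var check, merely installing boto3 changes which credentials every current caller of this supplier ends up with, so this belongs behind an explicit opt-in (or in a separate supplier) rather than module presence; and the three separate attribute reads should be replaced by one `botocreds.get_frozen_credentials()` call so that access key, secret and session token come from the same refresh.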

I'm curious if the maintainers here would consider this too "Hacky", or if a PR with this change would be welcomed. Or, what changes might make it acceptable, if it isn't already.
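The container credential provider the issue asks for (source #10 in the list) can be plugged in through google-auth's supplier hook without patching google/auth/aws.py. The following is an added example written for this page; it is not code from the issue, from google-auth or from boto3. It assumes the environment variable names (AWS_CONTAINER_CREDENTIALS_RELATIVE_URI, AWS_CONTAINER_CREDENTIALS_FULL_URI, AWS_CONTAINER_AUTHORIZATION_TOKEN), the fixed endpoint host and the JSON field names that AWS documents for the ECS/Fargate credential endpoint, and that the supplier interface is the AwsSecurityCredentialsSupplier / AwsSecurityCredentials pair the patch above refers to. When google-auth is not installed, minimal stand-ins with the same shape are defined so the module runs offline; the HTTP fetch is injectable so the logic can be exercised with constructed JSON.

```python
# Added example, not code from the issue, google-auth or boto3. Implements the
# ECS/Fargate container credential provider as a pluggable google-auth supplier.
# Assumed: AWS env var / JSON field names, and the supplier interface named in
# the issue's patch (AwsSecurityCredentialsSupplier, AwsSecurityCredentials).
import json
import os
import urllib.request
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Mapping, Optional

try:
    from google.auth.aws import AwsSecurityCredentials, AwsSecurityCredentialsSupplier
except ImportError:  # offline stand-ins with the same (assumed) shape
    class AwsSecurityCredentialsSupplier:
        pass

    @dataclass(frozen=True)
    class AwsSecurityCredentials:
        access_key_id: str
        secret_access_key: str
        session_token: Optional[str] = None

# Fixed link-local address of the ECS agent credential endpoint (per AWS docs).
CONTAINER_ENDPOINT_HOST = "http://169.254.170.2"
# Refresh this long before the reported Expiration so a token is never used at the edge.
REFRESH_WINDOW = timedelta(minutes=5)

Fetch = Callable[[str, Mapping[str, str]], bytes]


def container_credential_url(env: Mapping[str, str]) -> Optional[str]:
    """Mirror the SDK rule: RELATIVE_URI is appended to the fixed host, FULL_URI
    is used verbatim, and neither means the container provider does not apply."""
    relative = env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    if relative:
        return CONTAINER_ENDPOINT_HOST + relative
    return env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI") or None


def _http_fetch(url: str, headers: Mapping[str, str]) -> bytes:
    req = urllib.request.Request(url, headers=dict(headers))
    with urllib.request.urlopen(req, timeout=2) as resp:  # link-local: fail fast
        return resp.read()


def parse_expiration(value: Optional[str]) -> Optional[datetime]:
    """Endpoint returns e.g. '2030-01-01T00:00:00Z'; fromisoformat needs '+00:00'."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


@dataclass(frozen=True)
class CachedCredentials:
    creds: AwsSecurityCredentials
    expiration: Optional[datetime]

    def stale(self, now: datetime) -> bool:
        return self.expiration is not None and self.expiration - now <= REFRESH_WINDOW


def resolve_container_credentials(env: Mapping[str, str],
                                  fetch: Fetch = _http_fetch) -> Optional[CachedCredentials]:
    """Fetch one credential document from the container endpoint, or None if the
    provider is not configured. Any HTTP/JSON error propagates on purpose."""
    url = container_credential_url(env)
    if url is None:
        return None
    headers = {}
    token = env.get("AWS_CONTAINER_AUTHORIZATION_TOKEN")
    if token:
        headers["Authorization"] = token  # required by the endpoint when set
    doc = json.loads(fetch(url, headers))
    creds = AwsSecurityCredentials(doc["AccessKeyId"], doc["SecretAccessKey"], doc.get("Token"))
    return CachedCredentials(creds, parse_expiration(doc.get("Expiration")))


class ContainerCredentialsSupplier(AwsSecurityCredentialsSupplier):
    """Supplier that caches the container credentials and refetches them
    shortly before they expire. Errors are raised, never silently skipped."""

    def __init__(self, env: Mapping[str, str] = os.environ, fetch: Fetch = _http_fetch):
        self._env, self._fetch = env, fetch
        self._cached: Optional[CachedCredentials] = None

    def get_aws_security_credentials(self, context, request):
        now = datetime.now(timezone.utc)
        if self._cached is None or self._cached.stale(now):
            resolved = resolve_container_credentials(self._env, self._fetch)
            if resolved is None:
                # Fail loudly: a silent fallthrough would let a different
                # identity (env vars, IMDS) be used without anyone noticing.
                raise RuntimeError("container credential provider not configured "
                                   "(no AWS_CONTAINER_CREDENTIALS_*_URI)")
            self._cached = resolved
        return self._cached.creds

    def get_aws_region(self, context, request):
        region = self._env.get("AWS_REGION") or self._env.get("AWS_DEFAULT_REGION")
        if not region:
            raise RuntimeError("AWS_REGION / AWS_DEFAULT_REGION not set")
        return region
```

Usage note: in a real deployment the supplier is passed to google-auth's AWS credentials constructor (the keyword is assumed here to be `aws_security_credentials_supplier`, as in google-auth's custom-supplier documentation) in place of the `credential_source` block, so the library never consults env vars or IMDS for this workload. The supplier raises rather than returning None so that a misconfigured container is visible at the first token exchange, which is the behaviour the patch's bare `except ... pass` would have hidden.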
