I used to add the AWS credentials into elasticsearch (ECK) keystore to backup to AWS S3. And then I was told that this is not a recommended good practice but should use pod identity or environment variables injected by it. How to configure the ECK to use this instead of using iam user/secret key pair?