I am using the Nginx Ingress service to authenticate devices so they can go through and start using services in my Kubernetes cluster. I have tried to use nginx.ingress.kubernetes.io/auth-url: in my Ingress annotations field, where the URL gave 200 OK and I could get into my cluster. Now, I do not have credentials that can be obtained that easily, and I am using AWS IoT Core to register the device and ask for the token from IAM credentials to obtain my token and sign my certificate. I was thinking of putting the token request URL into the same nginx.ingress.kubernetes.io/auth-url: field so it can get an OK and move my device through, as I do not need that token anyway. However, I cannot pass headers and my credentials in one single URL request, as an example CURL request looks like this:
curl --cert deviceCert.pfx --pass <certificate-password> --key <device-certificate-key-pair> -H "x-amzn-iot-thingname: MyHomeThermostat" https://<your_credentials_provider_endpoint>/role-aliases/Thermostat-dynamodb-access-role-alias/credentials
And I did not find any CURL methods HERE.
What are my choices here?
P.S. I am using this tutorial to register my device and obtain the token: LINK
Here is my example Ingress yaml file that I have used previously when I could obtain credentials via simple URL:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: server-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/grpc-backend: "true"
    nginx.ingress.kubernetes.io/secure-backends: "false"
    # External auth: the controller sends a subrequest to this URL and
    # lets the original request through when it answers 200.
    nginx.ingress.kubernetes.io/auth-url: "http://token-vendor.default.svc.cluster.local/apis/core.token-vendor/v1/token.verify?robots=true"
spec:
  rules:
  - host: "www.endpoints.interesting-topic-267521.cloud.goog"
    http:
      paths:
      - path: /sensor.TF/
        backend:
          serviceName: server-service
          servicePort: 50051