The complete journey of building a secret-less, multi-cloud workflow, detailing the failed attempts with direct IAM federation and KMS, and the final, robust solution using Cognito and Azure AD Workload Identity Federation.