diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71a7e0622204c81fcc35c1143421f6c029c8860b..4610e35d661e6353193bf49861aa5b4edf92605f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [7.2.0](https://gitlab.com/to-be-continuous/kubernetes/compare/7.1.1...7.2.0) (2025-02-24)
+
+
+### Features
+
+* **AWS:** add AWS authent with STS ([a08a897](https://gitlab.com/to-be-continuous/kubernetes/commit/a08a897a2615d0c7e984ebee8842d795cf6d84b9))
+
 ## [7.1.1](https://gitlab.com/to-be-continuous/kubernetes/compare/7.1.0...7.1.1) (2025-02-03)
 
 
diff --git a/README.md b/README.md
index f2e88cdd14a3aec308d1ab51c766d58cedeb50b6..6ccb482cbecacd1a85f1a866487e0340554b8705 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.2.0
     # 2: set/override component inputs
     inputs:
       # ⚠ this is only an example
@@ -35,7 +35,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/kubernetes'
-    ref: '7.1.1'
+    ref: '7.2.0'
     file: '/templates/gitlab-ci-k8s.yml'
 
 variables:
@@ -523,12 +523,12 @@ With:
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.2.0
     inputs:
       # ⚠ oc-container image (includes required curl)
       kubectl-image: registry.hub.docker.com/docker.io/appuio/oc:v4.14
   # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@7.2.0
     inputs:
       # audience claim for JWT
       vault-oidc-aud: "https://vault.acme.host"
@@ -589,9 +589,9 @@ With a common default `GCP_OIDC_PROVIDER` and `GCP_OIDC_ACCOUNT` configuration f
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.2.0
   # Google Cloud variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@7.2.0
     inputs:
       # common OIDC config for non-prod envs
       gcp-oidc-provider: "projects/<gcp_nonprod_proj_id>/locations/global/workloadIdentityPools/<pool_id>/providers/<provider_id>"
@@ -634,9 +634,9 @@ With a common default `AWS_OIDC_ROLE_ARN`  configuration for non-prod environmen
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@7.2.0
   # AWS variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-aws@7.1.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-aws@7.2.0
     inputs:
       # common OIDC config for non-prod envs
       aws-oidc-role-arn: "arn:aws:iam::<project_id>:role/<role_name>"
diff --git a/templates/gitlab-ci-k8s-vault.yml b/templates/gitlab-ci-k8s-vault.yml
index 0e8355a9fc5bd88ccede027a23ad8c2c3d0bb2c4..ce5c663b1d850660b8905e3dbe7eb3ed8967302a 100644
--- a/templates/gitlab-ci-k8s-vault.yml
+++ b/templates/gitlab-ci-k8s-vault.yml
@@ -22,7 +22,7 @@ variables:
 .k8s-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "--port", "8082", "kubernetes", "7.1.1"]
+      command: ["--service", "--port", "8082", "kubernetes", "7.2.0"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:
diff --git a/templates/gitlab-ci-k8s.yml b/templates/gitlab-ci-k8s.yml
index 0a38b169c5c4c0de18013adbae753c3cebbfde07..78eeb7d0a888d4dee3819cb0e29775b35b6a873b 100644
--- a/templates/gitlab-ci-k8s.yml
+++ b/templates/gitlab-ci-k8s.yml
@@ -862,7 +862,7 @@ stages:
     entrypoint: [""]
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "kubernetes", "7.1.1"]
+      command: ["--service", "kubernetes", "7.2.0"]
   before_script:
     - !reference [.k8s-scripts]
     - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"