I've trying to assume a role when accessing my eks cluster with kubectl. In my kubeconfig, under the user: section, I've got aws eks get-token --cluster-name --role <myrolearn>... I'm expecting for this for the get-token call to be run prior to my kubectl call and used in my kubectl call and thus ignoring whatever aws config i've got setup via ~/.aws/credentials. Am I understanding this correctly?