Unfortunately the requirement that users may want to write / read configs from arbitrary locations is not a supported use-case for classic confinement (as @jdstrand mentioned originally). However, `personal-files` should allow kconnect to be granted access to the most common paths if they are not already available via the `home` interface - so this should still provide a good user experience.

So I think this thread should revert back to a request for `personal-files` for the original two locations.

One thing however to note - the currently specified `personal-files` access for `kconnect` has a few issues - can you please change it to be as follows:
```yaml
apps:
  kconnect:
    command: kconnect
    plugs:
      - home
      - network
      - dot-aws-credentials
      - dot-kube-config

plugs:
  dot-aws-credentials:
    interface: personal-files
    write:
      - $HOME/.aws/credentials
  dot-kube-config:
    interface: personal-files
    write:
      - $HOME/.kube/config
```
i.e. `write` implies `read` so there is no need to list both, and `personal-files` instances should be named so that users understand what is being granted - hence the use of two separate instances, each with a descriptive name.
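A small lint for the two points made in the post above, as an added example that is not part of the original post or of snapd/snapcraft tooling. It takes an already-parsed snapcraft.yaml as a dict; the function name, the heuristics for "descriptive" and "separate instances", and the `BEFORE` sample are assumptions constructed for illustration.

```python
# Added example: lint personal-files plug declarations (rules are this example's own).
PREFIX = "$HOME/"

def lint_personal_files(snap):
    """Return findings for personal-files plugs in a parsed snapcraft.yaml dict."""
    findings = []
    for name, spec in snap.get("plugs", {}).items():
        if not isinstance(spec, dict) or spec.get("interface") != "personal-files":
            continue
        read, write = set(spec.get("read", [])), set(spec.get("write", []))
        # write implies read, so a path in both lists is redundant
        for path in sorted(read & write):
            findings.append(f"{name}: {path} is under read and write; write is enough")
        for path in sorted(read | write):
            if not path.startswith(PREFIX):
                findings.append(f"{name}: {path} is not under $HOME")
        # Heuristic: a plug named after the interface tells the user nothing
        if name == "personal-files":
            findings.append(f"{name}: name does not describe what is granted")
        # Heuristic: one instance per location (first directory under $HOME)
        tops = {p[len(PREFIX):].split("/")[0]
                for p in read | write if p.startswith(PREFIX)}
        if len(tops) > 1:
            findings.append(f"{name}: covers {sorted(tops)}; use separate instances")
    return findings

# Constructed "before" declaration: one generic instance, read and write duplicated
BEFORE = {"plugs": {"personal-files": {
    "interface": "personal-files",
    "read": ["$HOME/.aws/credentials", "$HOME/.kube/config"],
    "write": ["$HOME/.aws/credentials", "$HOME/.kube/config"],
}}}

# The declaration requested in the post
AFTER = {"plugs": {
    "dot-aws-credentials": {"interface": "personal-files",
                            "write": ["$HOME/.aws/credentials"]},
    "dot-kube-config": {"interface": "personal-files",
                        "write": ["$HOME/.kube/config"]},
}}

if __name__ == "__main__":
    for label, snap in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_personal_files(snap) or "ok")
```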