As @lucyllewy says above, the need to access or manage ~/.aws is not sufficient reason to grant classic confinement and instead this is better served by a personal-files interface for write to ~/.aws - however since lookauth-lite is not a clear owner of this path this may be problematic to grant auto-connection for (although the description of lookauth-lite does make it clear that the snap is used to manage AWS credentials etc so perhaps this would be sufficient).
@beSharp could you please see if a personal-files declaration as described above is sufficient for lookauth-lite and we can then perhaps look at changing this request from classic confinement to auto-connection of personal-files instead?