diff --git a/README.md b/README.md
index 9ffd8c68..94dc79ed 100644
--- a/README.md
+++ b/README.md
@@ -336,6 +336,11 @@ For the usage with a AWS S3 Bucket, you just need to specify the following optio
 
 If you specify the s3-region, you don't need to set the endpoint URL since the correct endpoint will used automatically.
 
+If you don't explicitly specify the aws-access-key and aws-secret-key, the AWS default credential provider chain is used. so support:
+- Shared credentials/config files (~/.aws/credentials, ~/.aws/config)
+- EC2/ECS instance roles
+- EKS Pod Identity
+
 <br />
 
 ### Custom S3 providers
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 3c1eece4..fd2d80d6 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -484,11 +484,9 @@ func New() *Cmd {
 
 		switch provider := c.String("provider"); provider {
 		case "s3":
-			if accessKey := c.String("aws-access-key"); accessKey == "" {
-				return errors.New("access-key not set.")
-			} else if secretKey := c.String("aws-secret-key"); secretKey == "" {
-				return errors.New("secret-key not set.")
-			} else if bucket := c.String("bucket"); bucket == "" {
+			accessKey := c.String("aws-access-key")
+			secretKey := c.String("aws-secret-key")
+			if bucket := c.String("bucket"); bucket == "" {
 				return errors.New("bucket not set.")
 			} else if store, err := storage.NewS3Storage(c.Context, accessKey, secretKey, bucket, purgeDays, c.String("s3-region"), c.String("s3-endpoint"), c.Bool("s3-no-multipart"), c.Bool("s3-path-style"), logger); err != nil {
 				return err
diff --git a/server/storage/s3.go b/server/storage/s3.go
index 5c1e3a05..be669507 100644
--- a/server/storage/s3.go
+++ b/server/storage/s3.go
@@ -179,6 +179,9 @@ func (s *S3Storage) Put(ctx context.Context, token string, filename string, read
 func (s *S3Storage) IsRangeSupported() bool { return true }
 
 func getAwsConfig(ctx context.Context, accessKey, secretKey string) (aws.Config, error) {
+	if accessKey == "" || secretKey == "" {
+		return config.LoadDefaultConfig(ctx)
+	}
 	return config.LoadDefaultConfig(ctx,
 		config.WithCredentialsProvider(credentials.StaticCredentialsProvider{
 			Value: aws.Credentials{