Mendix should support all authentication offered by the AWS SDK for its S3 storage

One of our app developped with Mendix would like to store its data on a S3 bucket. Luckily Mendix supports this by providing Runtime Customization | Mendix Documentation . In a nutshell: You only have to provide an accesskey, secretKey, bucketName and Region and your mendix app will store its data on a S3 bucket instead of on the filesystem. However we now would like to use short-term credentials for security reasons. Surprisingly, Mendix does not seem to support this at all for its storage. Actually, the only possible authentication-related configuration is by passing an  "" and a "" as arguments. Why doesn't mendix support all credentials offered by the AWS SDK (ref: DefaultAWSCredentialsProviderChain (AWS SDK for Java - 1.12.638) ( It would make much more sense to me. Is there any plan to support this?   Thank you in advance
4 answers

Hey Arnaud,


If your app is deployed in Mendix cloud, usually it classifies data on 2 categories - Structured and Unstructured data. Structured/SQL data can be stored in its own Postgres DB. For Unstructured, it will use S3 bucket only.


Now when you are using Mendix cloud, you will be having limited access to infrastructure hence you can deploy your app using private cloud and there you can configure your own security for storage



Naman Khard



I don't see how your answer is related to my question. Allow me to ask it differently then:

AWS allows multiple ways of authentication (see DefaultAWSCredentialsProviderChain (AWS SDK for Java - 1.12.638) (

  • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
  • Java System Properties - aws.accessKeyId and aws.secretKey
  • Web Identity Token credentials from the environment or container
  • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
  • Instance profile credentials delivered through the Amazon EC2 metadata service


However Mendix only supports one of them when configuring S3 as a storage (Runtime Customization | Mendix Documentation). Is there a plan to support other ways in the future? 


Hi Arnaud,


With the Amazon S3 Connector from the marketplace, together with the AWS Authentication Connector, you can use temporary/session credentials to store and read files from S3. 

There is a blogpost "Securely Connect with the AWS Authentication Connector", that describes how to set this up.


Does this help you with your question/request?


Kind regards,

Emiel Paasschens


Hi Emiel, 


I'm afraid it does not answer my question. I think the AWS S3 connector works quite well and does well support short-lived tokens.

The issue is that it is not linked with the S3 Storage Runtime Customization | Mendix Documentation. It seems that Mendix has its own specific parameters regarding the configuration of an S3 bucket as its storage system instead of the filesystem and it is unfortunately completely separate from the AWS S3 connector module you are referring to.