Yes, it’s possible to run Mendix S3 storage using the AWS SDK’s Default Credentials Provider Chain (which includes ~/.aws/credentials) — but only if you do not set the Mendix access key/secret constants and you make sure the AWS credentials “environment” is actually visible to the JVM process (env vars, shared credentials file path, profile, region, permissions). Otherwise you’ll see the exact error you pasted.
Your error means the chain did not find valid credentials, so the S3 client was never created.
Remove these Mendix settings:
com.mendix.storage.s3.AccessKeyId
com.mendix.storage.s3.SecretAccessKey
(If they exist, Mendix will NOT use the default credentials chain.) [github.com]
Ensure the AWS credentials file is visible to the JVM:
Put credentials in ~/.aws/credentials, and make sure the Mendix runtime user actually has that home directory.
OR set:
ShellAWS_SHARED_CREDENTIALS_FILE=/path/to/credentialsAWS_PROFILE=defaultShow more lines
The default chain will then load it.
Set an AWS region (required for S3):
Use com.mendix.storage.s3.Region
OR set env var AWS_REGION=your-region.
Missing region causes S3 failures. [apidocs.rn...mendix.com]
I hope it helps
hi,
Yes, it is technically possible to use AWS credentials from a credentials file, but not automatically in the way you are attempting unless the AWS SDK credential provider chain is correctly configured and supported by the Mendix runtime environment.
Let’s clarify what is happening.
When you configure:
com.mendix.storage.s3.AccessKeyIdcom.mendix.storage.s3.SecretAccessKeyMendix directly initializes the S3 client using those explicit credentials.
When you remove them, Mendix falls back to the AWS SDK DefaultAWSCredentialsProviderChain.
If that chain cannot resolve credentials, you get the error:
S3 client not set … or environment for DefaultAWSCredentialsProviderChain needs to be set up
This means the AWS SDK could not find valid credentials in any of its supported sources.
The AWS SDK checks credentials in this order:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYaws.accessKeyIdaws.secretKey~/.aws/credentials fileIf none of these are available to the Mendix runtime process, credential resolution fails.
~/.aws/credentials Is Not WorkingIn Mendix Cloud or other managed environments:
-Daws.sharedCredentialsFile may not be applied correctly to the runtime JVMIn Mendix Cloud specifically, access to arbitrary filesystem paths is restricted.
If running in Mendix Cloud:
Use environment variables instead of credentials file.
Set in Environment Variables:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYOr preferably:
Use IAM roles if supported by the hosting environment.
This aligns with AWS and Mendix best practices.
If running on your own infrastructure:
You can use the credentials file provided that:
Example JVM parameter:
-Daws.sharedCredentialsFile=/path/to/.aws/credentials
Additionally, ensure the profile is either default or specify:
-Daws.profile=your-profile-name
When it says:
"environment for DefaultAWSCredentialsProviderChain needs to be set up"
It means:
The AWS SDK credential resolution chain could not find valid credentials in:
It does not refer to Mendix environment specifically, but to AWS SDK environment configuration.
For production systems:
This ensures:
Yes, using a credentials file is possible in self-managed environments if the AWS SDK can access it.
However, in Mendix Cloud environments, the recommended and supported approach is to use environment variables or IAM-based authentication rather than relying on ~/.aws/credentials.
This behavior is consistent with AWS SDK credential resolution design and Mendix S3 storage configuration.
Thank you for help but that doesn't work.
On my Mendix Studio Pro, in my setting, I set up the following custom configurations :
And in Extra JVM parameters :
-Daws.sharedCredentialsFile="C:\temp\myapp\.aws\credentials" -Daws.profile=default
I get the same error. I tried different values for the sharedCredentialsFile.