Only use accessKey and secretKey if they are not blank

src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java

@@ -169,7 +169,12 @@
     public AwsCredentials resolveCredentials() {
 
         if (StringUtils.isBlank(iamRoleArn)) {
-            return AwsBasicCredentials.create(accessKey, secretKey.getPlainText());
+            if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText())) {
+                // AWS SDK v2 does not allow blank accessKey and secretKey
+                return null;
+            } else {
+                return AwsBasicCredentials.create(accessKey, secretKey.getPlainText());
+            }
         } else {
             AwsCredentialsProvider baseProvider;
             // Handle the case of delegation to instance profile

src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AmazonWebServicesCredentialsBinding.java

@@ -139,8 +139,10 @@
         AwsCredentials credentials = provider.resolveCredentials();
 
         Map<String, String> m = new HashMap<String, String>();
-        m.put(accessKeyVariable, credentials.accessKeyId());
-        m.put(secretKeyVariable, credentials.secretAccessKey());
+        if (credentials != null) {
+            m.put(accessKeyVariable, credentials.accessKeyId());
+            m.put(secretKeyVariable, credentials.secretAccessKey());
+        }
 
         // If role has been assumed, STS requires AWS_SESSION_TOKEN variable set too.
         if (credentials instanceof AwsSessionCredentials) {