diff --git a/extensions/AWS/S3/AWSS3Config.cs b/extensions/AWS/S3/AWSS3Config.cs
index 65c15a6e5..6c3b4e320 100644
--- a/extensions/AWS/S3/AWSS3Config.cs
+++ b/extensions/AWS/S3/AWSS3Config.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft. All rights reserved.
+// Copyright (c) Microsoft. All rights reserved.
 
 using System.Text.Json.Serialization;
 
@@ -13,6 +13,7 @@ public enum AuthTypes
     {
         Unknown = -1,
         AccessKey,
+        CredentialChain,
     }
 
     public AuthTypes Auth { get; set; } = AuthTypes.Unknown;
@@ -45,14 +46,17 @@ public void Validate()
             throw new ConfigurationException($"Authentication type '{this.Auth}' undefined or not supported");
         }
 
-        if (string.IsNullOrWhiteSpace(this.AccessKey))
+        if (this.Auth == AuthTypes.AccessKey)
         {
-            throw new ConfigurationException("S3 Access Key is undefined");
-        }
+            if (string.IsNullOrWhiteSpace(this.AccessKey))
+            {
+                throw new ConfigurationException("S3 Access Key is undefined");
+            }
 
-        if (string.IsNullOrWhiteSpace(this.SecretAccessKey))
-        {
-            throw new ConfigurationException("S3 Secret Key Access undefined");
+            if (string.IsNullOrWhiteSpace(this.SecretAccessKey))
+            {
+                throw new ConfigurationException("S3 Secret Key Access undefined");
+            }
         }
 
         if (string.IsNullOrWhiteSpace(this.BucketName))
diff --git a/extensions/AWS/S3/AWSS3Storage.cs b/extensions/AWS/S3/AWSS3Storage.cs
index 1c54d6b95..06b356249 100644
--- a/extensions/AWS/S3/AWSS3Storage.cs
+++ b/extensions/AWS/S3/AWSS3Storage.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft. All rights reserved.
+// Copyright (c) Microsoft. All rights reserved.
 
 using System;
 using System.Collections.Generic;
@@ -43,6 +43,15 @@ public AWSS3Storage(
                 );
                 break;
             }
+            case AWSS3Config.AuthTypes.CredentialChain:
+            {
+                this._client = new AmazonS3Client(new AmazonS3Config
+                {
+                    ServiceURL = config.Endpoint,
+                    LogResponse = true
+                });
+                break;
+            }
 
             default:
                 this._log.LogCritical("Authentication type '{0}' undefined or not supported", config.Auth);
diff --git a/service/Service/appsettings.json b/service/Service/appsettings.json
index 5519ff8d2..aa1970bef 100644
--- a/service/Service/appsettings.json
+++ b/service/Service/appsettings.json
@@ -242,6 +242,7 @@
         "HttpClientName": ""
       },
       "AWSS3": {
+        // "AccessKey" or "CredentialChain". For other options see <AWSS3Config>.
         "Auth": "AccessKey",
         // AccessKey ID, required when using AccessKey auth
         // Note: you can use an env var 'KernelMemory__Services__AWSS3__AccessKey' to set this