diff --git a/store/dynamodb/db.go b/store/dynamodb/db.go
index 637690dc..a46ffedb 100644
--- a/store/dynamodb/db.go
+++ b/store/dynamodb/db.go
@@ -63,10 +63,10 @@ type Config struct {
 	GetAllLimit int
 
 	// AccessKey is the AWS AccessKey credential.
-	AccessKey string `validate:"required"`
+	AccessKey string
 
 	// SecretKey is the AWS SecretKey credential.
-	SecretKey string `validate:"required"`
+	SecretKey string
 
 	// DisableDualStack indicates whether the connection to the DB should be
 	// dual stack (IPv4 and IPv6).
@@ -96,6 +96,7 @@ func NewDynamoDB(config Config, measures metric.Measures) (store.S, error) {
 	}
 
 	var creds credentials.Value
+	var awsConfig aws.Config
 	if config.RoleBasedAccess {
 		awsRegion, err := getAwsRegionForRoleBasedAccess(config)
 		if err != nil {
@@ -109,30 +110,27 @@ func NewDynamoDB(config Config, measures metric.Measures) (store.S, error) {
 			return nil, err
 		}
 
-		value, err := sess.Config.Credentials.Get()
-		if err != nil {
-			return nil, err
-		}
-
-		creds = credentials.Value{
-			AccessKeyID:     value.AccessKeyID,
-			SecretAccessKey: value.SecretAccessKey,
-			SessionToken:    value.SessionToken,
-		}
+		awsConfig = *aws.NewConfig().
+			WithEndpoint(config.Endpoint).
+			WithUseDualStack(!config.DisableDualStack).
+			WithMaxRetries(config.MaxRetries).
+			WithCredentialsChainVerboseErrors(true).
+			WithRegion(config.Region).
+			WithCredentials(sess.Config.Credentials)
 	} else {
 		creds = credentials.Value{
 			AccessKeyID:     config.AccessKey,
 			SecretAccessKey: config.SecretKey,
 		}
-	}
 
-	awsConfig := *aws.NewConfig().
-		WithEndpoint(config.Endpoint).
-		WithUseDualStack(!config.DisableDualStack).
-		WithMaxRetries(config.MaxRetries).
-		WithCredentialsChainVerboseErrors(true).
-		WithRegion(config.Region).
-		WithCredentials(credentials.NewStaticCredentialsFromCreds(creds))
+		awsConfig = *aws.NewConfig().
+			WithEndpoint(config.Endpoint).
+			WithUseDualStack(!config.DisableDualStack).
+			WithMaxRetries(config.MaxRetries).
+			WithCredentialsChainVerboseErrors(true).
+			WithRegion(config.Region).
+			WithCredentials(credentials.NewStaticCredentialsFromCreds(creds))
+	}
 
 	svc, err := newService(awsConfig, "", config.Table, int64(config.GetAllLimit), &measures)
 	if err != nil {