peak
Feature Request: Access Key/ Secret should not be mandatory for connection.
Although we can configure external endpoint via env variable (S3_ENDPOINT_URL), there should be a way to override authentication based on session token alone(principal based auth). Currently AWS_SESSION_TOKEN, still needs ACCESS and SECRET env vars. If there is a provision to override Authorization header by populating an env var CUSTOM_AUTH_TOKEN, all client requests can go to endpoint with that header. S5 is a great tool that can be expanded to cater to more auth mechanisms.
Similar, not sure how closely related: I tried to switch from awscli to s5cmd in a Kubernetes context where auth is configured by setting env vars AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE. I wasn't able to debug the behaviour, but s5cmd certainly didn't "automagically" work with that the way awscli does.
