apple / foundationdb

FoundationDB - the open source, distributed, transactional key-value store

Home Page: https://apple.github.io/foundationdb/

Add support for assuming a role in the provided AWS config

johscheuer opened this issue

This is currently a limitation of the AWS C++ SDK and needs some changes to FDBAWSCredentialsProvider.cpp. One of the issues in the AWS C++ SDK had a "solution": aws/aws-sdk-cpp#150 (comment). It would be great to add support for assuming a role with the source_profile to allow such configurations to make use of the SDK auth.

There are some other limitations around the AWS C++ SDK that should be documented, like: aws/aws-sdk-cpp#1963.

#10880 fixes this.

The proposed change in the GitHub issue is to use an AWSCredentialsProvider that consists of multiple credentials. The AWS client can accept an AWSCredentialsProvider or a single credential, and AWSClient can smartly find the correct credential when it is used. Unfortunately, our code only gets a single credential and uses it for a connection, so I guess refactoring our code to use the AWS client is the way to go. Let me know.

AWS:
The S3Client constructor is called here
It finally goes to the AWSClient constructor here
When it is used, it gets different creds by name here

Our code:
S3BlobStoreEndpoint gets a single credential and constructs a S3BlobStoreEndpoint::Credentials to build the connection here

So it seems a major refactor on the fdb side to adopt the AWS client is needed.
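To make the requested configuration concrete, the following added example (not FoundationDB or AWS SDK code) parses an AWS config with `role_arn` and `source_profile` and works out which profile supplies the static keys and which roles must then be assumed. The profile names, key values, account ID and the `parseConfig`/`resolve` helpers are constructed for illustration; only `source_profile` chains are handled, and the STS call itself is out of scope.

```cpp
#include <map>
#include <set>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

using Profile = std::map<std::string, std::string>;
using Config = std::map<std::string, Profile>;
// Constructed sample: "deploy" assumes a role using the static keys of "base".
const char* kSampleConfig =
    "[profile base]\naws_access_key_id = AKIAEXAMPLEKEYID\naws_secret_access_key = example\n"
    "[profile deploy]\nrole_arn = arn:aws:iam::111122223333:role/example-backup\nsource_profile = base\n";
static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}
// Parse "[profile name]" / "[default]" sections holding "key = value" lines.
Config parseConfig(const std::string& text) {
    Config cfg;
    std::istringstream in(text);
    std::string line, cur;
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty() || line[0] == '#' || line[0] == ';') continue;
        const auto eq = line.find('=');
        if (line[0] == '[' && line.back() == ']') {
            cur = trim(line.substr(1, line.size() - 2));
            if (cur.compare(0, 8, "profile ") == 0) cur = trim(cur.substr(8));
        } else if (eq != std::string::npos && !cur.empty()) {
            cfg[cur][trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
        }
    }
    return cfg;
}

struct Plan { std::string baseProfile; std::vector<std::string> roles; };
// Follow source_profile links down to static keys; roles are listed in the order to assume them.
Plan resolve(const Config& cfg, std::string name) {
    Plan plan;
    for (std::set<std::string> seen;;) {
        if (!seen.insert(name).second) throw std::runtime_error("source_profile cycle at " + name);
        if (!cfg.count(name)) throw std::runtime_error("unknown profile " + name);
        const Profile& p = cfg.at(name);
        if (!p.count("role_arn")) { plan.baseProfile = name; return plan; }
        if (!p.count("source_profile")) throw std::runtime_error("no source_profile in " + name);
        plan.roles.insert(plan.roles.begin(), p.at("role_arn"));
        name = p.at("source_profile");
    }
}
```

A code path that reads a single credential from the selected profile would find no keys in `deploy`; the resolved plan shows the extra step (assume the role using `base`) that a provider has to perform.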