A aws credentials file (there’s an example shown here: Configuration and credential file settings - AWS Command Line Interface) should just work. When that file is located in the home of the user calling restic, then it should be picked up automatically, as long as none of the aws environment variables is set. Btw, which restic version are you using?