Thanks for a great product!

Self-hosted instances may be in an environment where AWS access keys are discouraged. Could you remove the requirement to have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY explicitly set?

If the Rust S3 client is configured to use the default retrieval order, then the environment variables will still be used first; however, other methods like attaching an IAM policy to an ECS task or EC2 instance will also work (options 4 and 5 in the credential retrieval order).

I believe the change could be made in the convex-backend/crates/aws_utils/src/lib.rs file to update must_config_from_env(). Maybe you could add another environment variable like AWS_CREDENTIALS_METHOD that could override the Convex default and allow the S3 Rust client default.