diff --git a/aws/src/main/java/org/apache/iceberg/aws/AwsClientFactories.java b/aws/src/main/java/org/apache/iceberg/aws/AwsClientFactories.java
index 90ccd522fda2..9dab7b6df6be 100644
--- a/aws/src/main/java/org/apache/iceberg/aws/AwsClientFactories.java
+++ b/aws/src/main/java/org/apache/iceberg/aws/AwsClientFactories.java
@@ -124,14 +124,16 @@ public S3AsyncClient s3Async() {
       if (s3FileIOProperties.isS3CRTEnabled()) {
         return S3AsyncClient.crtBuilder()
             .applyMutation(awsClientProperties::applyClientRegionConfiguration)
-            .applyMutation(awsClientProperties::applyClientCredentialConfigurations)
+            .applyMutation(
+                b -> s3FileIOProperties.applyCredentialConfigurations(awsClientProperties, b))
             .applyMutation(s3FileIOProperties::applyEndpointConfigurations)
             .applyMutation(s3FileIOProperties::applyS3CrtConfigurations)
             .build();
       }
       return S3AsyncClient.builder()
           .applyMutation(awsClientProperties::applyClientRegionConfiguration)
-          .applyMutation(awsClientProperties::applyClientCredentialConfigurations)
+          .applyMutation(
+              b -> s3FileIOProperties.applyCredentialConfigurations(awsClientProperties, b))
           .applyMutation(s3FileIOProperties::applyEndpointConfigurations)
           .build();
     }
diff --git a/aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java b/aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java
index 928118346ffb..3024ff5bcb3f 100644
--- a/aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java
+++ b/aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java
@@ -38,6 +38,7 @@
 import org.apache.iceberg.util.PropertyUtil;
 import org.apache.iceberg.util.SerializableMap;
 import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
 import software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
 import software.amazon.awssdk.core.exception.SdkServiceException;
@@ -49,6 +50,7 @@
 import software.amazon.awssdk.core.retry.conditions.RetryOnExceptionsCondition;
 import software.amazon.awssdk.core.retry.conditions.TokenBucketRetryCondition;
 import software.amazon.awssdk.services.s3.S3AsyncClientBuilder;
+import software.amazon.awssdk.services.s3.S3BaseClientBuilder;
 import software.amazon.awssdk.services.s3.S3ClientBuilder;
 import software.amazon.awssdk.services.s3.S3Configuration;
 import software.amazon.awssdk.services.s3.S3CrtAsyncClientBuilder;
@@ -958,12 +960,20 @@ private boolean keyIdAccessKeyBothConfigured() {
     return (accessKeyId == null) == (secretAccessKey == null);
   }
 
-  public <T extends S3ClientBuilder> void applyCredentialConfigurations(
+  public <T extends S3BaseClientBuilder<T, ?>> void applyCredentialConfigurations(
       AwsClientProperties awsClientProperties, T builder) {
-    builder.credentialsProvider(
-        isRemoteSigningEnabled
-            ? AnonymousCredentialsProvider.create()
-            : awsClientProperties.credentialsProvider(accessKeyId, secretAccessKey, sessionToken));
+    builder.credentialsProvider(getCredentialsProvider(awsClientProperties));
+  }
+
+  public <T extends S3CrtAsyncClientBuilder> void applyCredentialConfigurations(
+      AwsClientProperties awsClientProperties, T builder) {
+    builder.credentialsProvider(getCredentialsProvider(awsClientProperties));
+  }
+
+  private AwsCredentialsProvider getCredentialsProvider(AwsClientProperties awsClientProperties) {
+    return isRemoteSigningEnabled
+        ? AnonymousCredentialsProvider.create()
+        : awsClientProperties.credentialsProvider(accessKeyId, secretAccessKey, sessionToken);
   }
 
   /**