diff --git a/packages/nodes-base/credentials/Aws.credentials.ts b/packages/nodes-base/credentials/Aws.credentials.ts
index efb5fe59aa0262..42ba19cf7f6ef2 100644
--- a/packages/nodes-base/credentials/Aws.credentials.ts
+++ b/packages/nodes-base/credentials/Aws.credentials.ts
@@ -31,6 +31,29 @@ export class Aws implements ICredentialType {
 				password: true,
 			},
 		},
+		{
+			displayName: 'Temporary Credentials',
+			name: 'temporaryCredentials',
+			description: 'Support for temporary credentials from AWS STS',
+			type: 'boolean',
+			default: false,
+		},
+		{
+			displayName: 'Session Token',
+			name: 'sessionToken',
+			type: 'string',
+			displayOptions: {
+				show: {
+					temporaryCredentials: [
+						true,
+					],
+				},
+			},
+			default: '',
+			typeOptions: {
+				password: true,
+			},
+		},
 		{
 			displayName: 'Custom Endpoints',
 			name: 'customEndpoints',
diff --git a/packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts b/packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts
index 1aa593e5c3644e..8ea80366c6e981 100644
--- a/packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts
+++ b/packages/nodes-base/nodes/Aws/S3/GenericFunctions.ts
@@ -41,8 +41,13 @@ export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | I
 	// Sign AWS API request with the user credentials
 	const signOpts = {headers: headers || {}, host: endpoint.host, method, path: `${endpoint.pathname}?${queryToString(query).replace(/\+/g, '%2B')}`, body} as Request;
 
+	const securityHeaders = { 
+		accessKeyId: `${credentials.accessKeyId}`.trim(),
+		secretAccessKey: `${credentials.secretAccessKey}`.trim(),
+		sessionToken: credentials.temporaryCredentials ? credentials.sessionToken.trim() : undefined
+	};
 
-	sign(signOpts, { accessKeyId: `${credentials.accessKeyId}`.trim(), secretAccessKey: `${credentials.secretAccessKey}`.trim()});
+	sign(signOpts, securityHeaders);
 
 	const options: OptionsWithUri = {
 		headers: signOpts.headers,