In both EDC 10.2.2 and 10.4.1.x, I've been able to successfully use IAM authentication without entering the access key and secret key.
These keys used to be mandatory in a much older version of EDC and have not been mandatory since EDC version 10.2.2.
1. Keep the access key and secret key blank in the EDC S3 resource configuration
2. Setup IAM Auth between the EDC servers, profiling node servers and EDC hadoop / nomad cluster nodes and the S3 bucket
3. Enter the "Amazon Web Services Bucket URL" and "Amazon Web Services Bucket Name" and "Source Directory"
4. Click Test Connection
It should succeed and you should be able to run the scanner to harvest metadata and run profiling.