diff --git a/docs/supported-storage-providers.md b/docs/supported-storage-providers.md
index 8d49e123..0c6a3b97 100644
--- a/docs/supported-storage-providers.md
+++ b/docs/supported-storage-providers.md
@@ -16,6 +16,10 @@ AWS credentials and configuration are loaded as described in the AWS SDK documen
 For example, you can set environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or create a file
 `~/.aws/credentials` with AWS credentials.
 
+If running in an AWS Lambda Function, temporary credentials (including an
+`AWS_SESSION_TOKEN`) are automatically created and you do not need to manually
+configure these.
+
 Specify the region using the `AWS_REGION` environment variable, or in `~/.aws/config`.
 
 ## Configure Google Cloud Storage
diff --git a/src/plugins/remote-cache/storage/s3.ts b/src/plugins/remote-cache/storage/s3.ts
index 19ba82ff..80b183b1 100644
--- a/src/plugins/remote-cache/storage/s3.ts
+++ b/src/plugins/remote-cache/storage/s3.ts
@@ -19,7 +19,13 @@ export function createS3({
 }: S3Options) {
   const client = new aws.S3({
     ...(accessKey && secretKey
-      ? { credentials: { accessKeyId: accessKey, secretAccessKey: secretKey } }
+      ? {
+          credentials: {
+            accessKeyId: accessKey,
+            secretAccessKey: secretKey,
+            sessionToken: process.env.AWS_SESSION_TOKEN,
+          },
+        }
       : {}),
     ...(region ? { region } : {}),
     ...(endpoint ? { endpoint: new aws.Endpoint(endpoint) } : {}),