diff --git a/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java b/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java
index 18bb62944dede..930af6f8a9799 100644
--- a/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java
+++ b/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java
@@ -305,21 +305,28 @@ static AWSCredentialsProvider buildCredentials(Logger logger, S3ClientSettings c
             }
 
             if (irsaCredentials.getIdentityTokenFile() == null) {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleSessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleSessionCredentialsProvider.Builder(irsaCredentials.getRoleArn(), irsaCredentials.getRoleSessionName())
-                        .withStsClient(securityTokenService)
-                        .build()
+                        .withStsClient(securityTokenService);
+
+                final STSAssumeRoleSessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             } else {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
                         irsaCredentials.getRoleArn(),
                         irsaCredentials.getRoleSessionName(),
                         irsaCredentials.getIdentityTokenFile()
-                    ).withStsClient(securityTokenService).build()
+                    ).withStsClient(securityTokenService);
+
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             }
         } else if (basicCredentials != null) {
             logger.debug("Using basic key/secret credentials");