S3: rearrange credentials chain to be standard

Signed-off-by: Steve Kriss <steve@heptio.com>

internal/backend/s3/s3.go

@@ -40,21 +40,24 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 		minio.MaxRetry = int(cfg.MaxRetries)
 	}
 
-	// Chains all credential types, starting with
+	// Chains all credential types, in the following order:
-	// Static credentials provided by user.
+	// 	- Static credentials provided by user
-	// IAM profile based credentials. (performs an HTTP
+	//	- AWS env vars (i.e. AWS_ACCESS_KEY_ID)
-	// call to a pre-defined endpoint, only valid inside
+	//  - Minio env vars (i.e. MINIO_ACCESS_KEY)
-	// configured ec2 instances)
+	//  - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials)
-	// AWS env variables such as AWS_ACCESS_KEY_ID
+	//  - Minio creds file (i.e. MINIO_SHARED_CREDENTIALS_FILE or ~/.mc/config.json)
-	// Minio env variables such as MINIO_ACCESS_KEY
+	//  - IAM profile based credentials. (performs an HTTP
+	//    call to a pre-defined endpoint, only valid inside
+	//    configured ec2 instances)
 	creds := credentials.NewChainCredentials([]credentials.Provider{
-		&credentials.EnvAWS{},
 		&credentials.Static{
 			Value: credentials.Value{
 				AccessKeyID:     cfg.KeyID,
 				SecretAccessKey: cfg.Secret,
 			},
 		},
+		&credentials.EnvAWS{},
+		&credentials.EnvMinio{},
 		&credentials.FileAWSCredentials{},
 		&credentials.FileMinioClient{},
 		&credentials.IAM{
@@ -62,7 +65,6 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 				Transport: http.DefaultTransport,
 			},
 		},
-		&credentials.EnvMinio{},
 	})
 	client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
 	if err != nil {