diff --git a/changelog/0.8.3_2018-02-26/pull-1647 b/changelog/0.8.3_2018-02-26/pull-1647
new file mode 100644
index 000000000..63339e6c7
--- /dev/null
+++ b/changelog/0.8.3_2018-02-26/pull-1647
@@ -0,0 +1,8 @@
+Enhancement: Change priority of AWS credential providers to accept AWS_SESSION_TOKEN
+
+Before, it was not possible to use s3 backend with AWS temporary security credentials(with AWS_SESSION_TOKEN).
+This change gives higher priority to credentials.EnvAWS credentials provider.
+
+https://github.com/restic/restic/issues/1477
+https://github.com/restic/restic/pull/1479
+https://github.com/restic/restic/pull/1647
\ No newline at end of file
diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go
index 420729b0e..636a52b46 100644
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@@ -48,6 +48,7 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 	// AWS env variables such as AWS_ACCESS_KEY_ID
 	// Minio env variables such as MINIO_ACCESS_KEY
 	creds := credentials.NewChainCredentials([]credentials.Provider{
+		&credentials.EnvAWS{},
 		&credentials.Static{
 			Value: credentials.Value{
 				AccessKeyID:     cfg.KeyID,
@@ -59,7 +60,6 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 				Transport: http.DefaultTransport,
 			},
 		},
-		&credentials.EnvAWS{},
 		&credentials.EnvMinio{},
 	})
 	client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")