Chef Server S3 Storage

We are trying to use S3 for Chef's external Cookbook storage as described in the docs here.

Firstly, is there any word on whether IAM instance profiles will be supported instead of hardcoded access keys for uploading cookbooks to the S3 bucket? It seems strange to have an AWS-hosted Chef Infra Server which can't use instance profiles when the infra is all hosted in AWS.

Secondly, assuming we can successfully authenticate with S3 (for the moment we are using access keys to achieve this), we get the error:

ERROR: You authenticated successfully to as grabyo but you are not authorized for this action
Response: <?xml version="1.0" encoding="UTF-8"?>
SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.RETRACTEDPUT

This doesn't happen when running the command on the instance using the awscli and the same access keys, so we can be confident the error is coming from Chef Server itself. Is there anything we can do to circumnavigate this, as it appears to be coming from the client that Chef uses to interact with S3?

Thanks in advance