The AWS SDK can find credentials from local profiles (AWS_PROFILE env var), instance profiles, and/or environment variables. Right now it seems the R53 provider code deliberately requires passing in the credentials, which makes it impossible to use any other credential source.

AFAIK the recommended way to deal with credentials is to pass them if they are explicitly defined, but not care at all otherwise and let the SDK handle things. If no valid credentials actually exist API calls will simply fail with lack of authorization.