diff --git a/.changes/2f25d21b-dda1-4189-ade3-d26de91899fb.json b/.changes/2f25d21b-dda1-4189-ade3-d26de91899fb.json
new file mode 100644
index 00000000000..e04f6dfba50
--- /dev/null
+++ b/.changes/2f25d21b-dda1-4189-ade3-d26de91899fb.json
@@ -0,0 +1,5 @@
+{
+ "id": "2f25d21b-dda1-4189-ade3-d26de91899fb",
+ "type": "bugfix",
+ "description": "Change order of profile and STS web identity credentials providers in default credentials provider chain"
+}
\ No newline at end of file
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt
index c690d48b796..63a440ffaf5 100644
--- a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt
+++ b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt
@@ -24,8 +24,8 @@ import aws.smithy.kotlin.runtime.util.PlatformProvider
 * Resolution order:
 *
 * 1. Environment variables ([EnvironmentCredentialsProvider])
- * 2. Profile ([ProfileCredentialsProvider])
- * 3. Web Identity Tokens ([StsWebIdentityCredentialsProvider]]
+ * 2. Web Identity Tokens ([StsWebIdentityCredentialsProvider]]
+ * 3. Profile ([ProfileCredentialsProvider])
 * 4. ECS (IAM roles for tasks) ([EcsCredentialsProvider])
 * 5. EC2 Instance Metadata (IMDSv2) ([ImdsCredentialsProvider])
 *
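Review bot: The KDoc resolution-order list still does not match the chain built in the second hunk: it starts at `1. Environment variables`, while `CredentialsProviderChain` tries `SystemPropertyCredentialsProvider` before `EnvironmentCredentialsProvider`. Operators read this list to predict which identity a process will run as, so it should name every provider in order, for example a leading entry `* 1. System properties ([SystemPropertyCredentialsProvider])` with the rest renumbered. The moved web identity line also keeps the unbalanced `]]`, and it links `[StsWebIdentityCredentialsProvider]` whereas the chain constructs `StsWebIdentityProvider`; confirm which name is intended and close the link as `([...])`. The KDoc block starts and ends outside the hunk.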
@@ -54,9 +54,9 @@ public class DefaultChainCredentialsProvider constructor(
 private val chain = CredentialsProviderChain(
 SystemPropertyCredentialsProvider(platformProvider::getProperty),
 EnvironmentCredentialsProvider(platformProvider::getenv),
- ProfileCredentialsProvider(profileName = profileName, platformProvider = platformProvider, httpClient = engine, region = region),
 // STS web identity provider can be constructed from either the profile OR 100% from the environment
 StsWebIdentityProvider(platformProvider = platformProvider, httpClient = engine, region = region),
+ ProfileCredentialsProvider(profileName = profileName, platformProvider = platformProvider, httpClient = engine, region = region),
 EcsCredentialsProvider(platformProvider, engine),
 ImdsCredentialsProvider(
 client = lazy {
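Review bot: The comment kept above `StsWebIdentityProvider` ("can be constructed from either the profile OR 100% from the environment") does not explain why this provider now sits ahead of `ProfileCredentialsProvider`, so a later reorder could undo the fix unnoticed. The swap changes which identity is used when both a profile and web identity settings are present, so I would state the intent at the call site, e.g. `// Must precede ProfileCredentialsProvider: web identity configuration takes priority over the shared profile`. No test pinning the new order is visible in this part of the diff; one that configures both sources and asserts the web identity credentials are returned would guard against regression. It is also worth confirming what the chain does when web identity is configured but the token exchange fails, since silently falling through to profile credentials would run the workload under a different identity than intended (that logic is not visible here). The `chain` initializer continues past the end of the hunk.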