diff --git a/lib/getS3Creds.js b/lib/getS3Creds.js
deleted file mode 100644
index 6b07f89..0000000
--- a/lib/getS3Creds.js
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-Copyright 2020 Adobe. All rights reserved.
-This file is licensed to you under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License. You may obtain a copy
-of the License at http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software distributed under
-the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
-OF ANY KIND, either express or implied. See the License for the specific language
-governing permissions and limitations under the License.
-*/
-const TvmClient = require('@adobe/aio-lib-core-tvm')
-
-const getS3Credentials = async (config) => {
-  if (
-    // byo
-    !(config.s3 && config.s3.creds) &&
-    // ootb
-    !(config.ow && config.ow.namespace && config.ow.auth)
-  ) {
-    throw new Error('Please check your .env file to ensure your credentials are correct. You can also use "aio app use" to load/refresh your credentials')
-  }
-
-  if (config.s3 && config.s3.creds) {
-    return config.s3.creds
-  }
-
-  const client = await TvmClient.init({
-    ow: {
-      namespace: config.ow.namespace,
-      auth: config.ow.auth
-    },
-    // can be undefined => defaults in TvmClient
-    apiUrl: config.s3 && config.s3.tvmUrl,
-    cacheFile: config.s3 && config.s3.credsCacheFile
-  })
-
-  const creds = await client.getAwsS3Credentials()
-  return creds
-}
-
-module.exports = getS3Credentials
diff --git a/package.json b/package.json
index e249401..1fa01b0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@adobe/aio-lib-web",
-  "version": "7.1.0",
+  "version": "7.1.1",
   "description": "Utility tooling library to build and deploy Adobe I/O Project Firefly app static sites to CDN",
   "main": "index.js",
   "directories": {
@@ -32,7 +32,7 @@
     "@adobe/aio-lib-core-config": "^5",
     "@adobe/aio-lib-core-logging": "^3",
     "@adobe/aio-lib-core-tvm": "^4",
-    "@aws-sdk/client-s3": "^3.624.0",
+    "@adobe/aio-lib-env": "^3.0.1",
     "@smithy/node-http-handler": "^4.0.2",
     "core-js": "^3.25.1",
     "fs-extra": "^11",
diff --git a/src/deploy-web.js b/src/deploy-web.js
index f140d55..a32daec 100644
--- a/src/deploy-web.js
+++ b/src/deploy-web.js
@@ -11,7 +11,6 @@ governing permissions and limitations under the License.
 */
 
 const RemoteStorage = require('../lib/remote-storage')
-const getS3Credentials = require('../lib/getS3Creds')
 
 const fs = require('fs-extra')
 const path = require('path')
@@ -21,6 +20,11 @@ const deployWeb = async (config, log) => {
     throw new Error('cannot deploy web, app has no frontend or config is invalid')
   }
 
+  const bearerToken = await config?.ow?.auth_handler?.getAuthHeader()
+  if (!bearerToken) {
+    throw new Error('cannot deploy web, Authorization is required')
+  }
+
   /// build files
   const dist = config.web.distProd
   if (!fs.existsSync(dist) ||
@@ -30,17 +34,8 @@ const deployWeb = async (config, log) => {
     throw new Error(`missing files in ${dist}, maybe you forgot to build your UI ?`)
   }
 
-  const creds = await getS3Credentials(config)
+  const remoteStorage = new RemoteStorage()
 
-  const remoteStorage = new RemoteStorage(creds)
-  const exists = await remoteStorage.folderExists(config.s3.folder + '/')
-
-  if (exists) {
-    if (log) {
-      log('warning: an existing deployment will be overwritten')
-    }
-    await remoteStorage.emptyFolder(config.s3.folder + '/')
-  }
   const _log = log ? (f) => log(`deploying ${path.relative(dist, f)}`) : null
   await remoteStorage.uploadDir(dist, config.s3.folder, config, _log)
 
diff --git a/test/lib/getS3Creds.test.js b/test/lib/getS3Creds.test.js
deleted file mode 100644
index 3afd1c6..0000000
--- a/test/lib/getS3Creds.test.js
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-Copyright 2020 Adobe. All rights reserved.
-This file is licensed to you under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License. You may obtain a copy
-of the License at http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software distributed under
-the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
-OF ANY KIND, either express or implied. See the License for the specific language
-governing permissions and limitations under the License.
-*/
-
-const getS3Credentials = require('../../lib/getS3Creds')
-
-const fakeReturnedTvmCreds = { fake: 'tvmcreds' } // from __mocks__
-const mockTVM = require('@adobe/aio-lib-core-tvm')
-
-describe('getS3Credentials', () => {
-  beforeEach(() => {
-    mockTVM.init.mockClear()
-  })
-
-  test('throw when missing required args', async () => {
-    const expectedErrorMessage =
-      'Please check your .env file to ensure your credentials are correct.'
-
-    await expect(getS3Credentials({}))
-      .rejects.toThrow(expectedErrorMessage)
-
-    await expect(getS3Credentials({ ow: { namespace: 'ns' }, s3: {} }))
-      .rejects.toThrow(expectedErrorMessage)
-
-    await expect(getS3Credentials({ ow: { auth: 'auth' } }))
-      .rejects.toThrow(expectedErrorMessage)
-  })
-
-  test('returns s3.creds if defined', async () => {
-    const fakeCreds = { fake: 's3creds' }
-    await expect(getS3Credentials({ ow: { namespace: 'ns', auth: 'auth' }, s3: { creds: fakeCreds } }))
-      .resolves.toEqual(fakeCreds)
-    expect(mockTVM.init).not.toHaveBeenCalled()
-  })
-
-  test('gets credentials from tvm', async () => {
-    await expect(getS3Credentials({ ow: { namespace: 'ns', auth: 'auth' } }))
-      .resolves.toEqual(fakeReturnedTvmCreds)
-    expect(mockTVM.init).toHaveBeenCalledWith({
-      apiUrl: undefined,
-      cacheFile: undefined,
-      ow: { auth: 'auth', namespace: 'ns' }
-    })
-  })
-
-  test('gets credentials from tvm with custom tvmurl', async () => {
-    await expect(getS3Credentials({ ow: { namespace: 'ns', auth: 'auth' }, s3: { tvmUrl: 'custom' } }))
-      .resolves.toEqual(fakeReturnedTvmCreds)
-    expect(mockTVM.init).toHaveBeenCalledWith({
-      apiUrl: 'custom',
-      cacheFile: undefined,
-      ow: { auth: 'auth', namespace: 'ns' }
-    })
-  })
-
-  test('gets credentials from tvm with custom credsCacheFile', async () => {
-    await expect(getS3Credentials({ ow: { namespace: 'ns', auth: 'auth' }, s3: { credsCacheFile: 'custom' } }))
-      .resolves.toEqual(fakeReturnedTvmCreds)
-    expect(mockTVM.init).toHaveBeenCalledWith({
-      apiUrl: undefined,
-      cacheFile: 'custom',
-      ow: { auth: 'auth', namespace: 'ns' }
-    })
-  })
-})