M2M Auth0 and AWS

Good Morning

Looking for some best practice advice.

Example use case:
Customer uploads txt files (via AWS CLI and a scheduled job) from their on-prem server into our AWS S3 bucket, which triggers a Lambda to process the file.

Currently an AWS user and secret key are provided and the customer is given permissions to rotate their keys according to their security policies.

Enter Auth0… We are integrating with Auth0 and are trying to find documentation around a best practice way to incorporate Auth0 in this M2M style of use case.

I found this:

but that is assuming that a user is logging in to do the upload (which is a valid use case), but the use case I’m looking for some guidance on is when the customer uploads these files via an automated scheduled job/service.

I also found this:

but if we’re handing out the client ID and secret (and identifier) I’m struggling to find out what we’re gaining here over handing out an IAM access key and secret key?

I mean, I guess an intruder would then need the AWS keys and the Auth0 keys, but I have to be missing something, no?