diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index 828d5dda036..841989488cd 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -63,6 +63,24 @@ COPY fdbkubernetesmonitor/ /fdbkubernetesmonitor
 WORKDIR /fdbkubernetesmonitor
 RUN go build -o /fdb-kubernetes-monitor *.go
 
+# Build the fdb-aws-s3-credentials-fetcher in a dedicated build
+FROM go-build AS go-credentials-fetcher-build
+COPY fdb-aws-s3-credentials-fetcher/ /fdb-aws-s3-credentials-fetcher
+WORKDIR /fdb-aws-s3-credentials-fetcher
+RUN go build -o /fdb-aws-s3-credentials-fetcher *.go
+
+# For now use 'base'. Later, could use a more stripped down image
+# since this script needs little.
+FROM base AS fdb-aws-s3-credentials-fetcher-sidecar
+RUN groupadd --gid 4059 fdb && \
+    useradd --gid 4059 \
+            --uid 4059 \
+            --no-create-home \
+            --shell /bin/bash fdb
+USER fdb
+COPY --from=go-credentials-fetcher-build /fdb-aws-s3-credentials-fetcher /usr/bin/
+ENTRYPOINT ["/usr/bin/fdb-aws-s3-credentials-fetcher", "-dir", "/var/fdb"]
+
 FROM base AS foundationdb-base
 
 WORKDIR /tmp