AWS Role Assume Role Temporary Access with JavaScript for backend

In the past I open an minio client inside my JavaScript app with a technical user to access S3. This was working very good. Now I want ot make the app more secure. My app is running inside a ECS Cluster on a Fargate service/task.

I have a task role with “S3 Full Access” that was given to the Bucket with s3Bucket.grantReadWrite(props.role);

I assume that the task role with S3 Full Access can access the bucket without accesskey and secretkey from technical user.
I try to use the function “AsumeRoleProvider”. But iam confused how to get the webidentityToken and why the function also request an accesskey and secretkey?

My task role has the sts:AssumeRole in Trusted entities

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ecs-tasks.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

The attached image to try to use currently.Function I use currently

I think the appoach to access S3 from ECS task is wrong. Anybody has an hint ot a weblink where I can see how this have to work?