diff --git a/pkgs/build-support/fetchs3/default.nix b/pkgs/build-support/fetchs3/default.nix
index e6b7a3418c0c..14dac9997d94 100644
--- a/pkgs/build-support/fetchs3/default.nix
+++ b/pkgs/build-support/fetchs3/default.nix
@@ -1,6 +1,7 @@
 { stdenvNoCC, runCommand, awscli }:
 
 { s3url
+, name ? builtins.baseNameOf s3url
 , sha256
 , region ? "us-east-1"
 , credentials ? null # Default to looking at local EC2 metadata service
@@ -10,16 +11,23 @@
 }:
 
 let
-  credentialAttrs = stdenvNoCC.lib.optionalAttrs (credentials != null) {
-    AWS_ACCESS_KEY_ID = credentials.access_key_id;
-    AWS_SECRET_ACCESS_KEY = credentials.secret_access_key;
-    AWS_SESSION_TOKEN = credentials.session_token ? null;
+  mkCredentials = { access_key_id, secret_access_key, session_token ? null }: {
+    AWS_ACCESS_KEY_ID = access_key_id;
+    AWS_SECRET_ACCESS_KEY = secret_access_key;
+    AWS_SESSION_TOKEN = session_token;
   };
-in runCommand "foo" ({
+
+  credentialAttrs = stdenvNoCC.lib.optionalAttrs (credentials != null) (mkCredentials credentials);
+in runCommand name ({
   nativeBuildInputs = [ awscli ];
+
   outputHashAlgo = "sha256";
   outputHash = sha256;
   outputHashMode = if recursiveHash then "recursive" else "flat";
+
+  preferLocalBuild = true;
+
+  AWS_DEFAULT_REGION = region;
 } // credentialAttrs) (if postFetch != null then ''
   downloadedFile="$(mktemp)"
   aws s3 cp ${s3url} $downloadedFile