You can define an authorization to include in the EXTERNAL SECURITY clause of the function mapping for READ_NOS. See "CREATE AUTHORIZATION and REPLACE AUTHORIZATION" in Teradata Vantage™ - SQL Data Definition Language Syntax and Examples, B035-1144. See Define a Function Mapping for READ_NOS.
For example:
CREATE AUTHORIZATION DefAuth_S3 AS DEFINER TRUSTED USER 'YOUR-ACCESS-KEY-ID' PASSWORD 'YOUR-SECRET-ACCESS-KEY';