diff --git a/Dockerfile b/Dockerfile
index 4fffccf..20211f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,8 +7,6 @@ RUN apt-get update && \
 
 RUN pip install s3cmd
 
-ADD s3cfg /root/.s3cfg
-
 ADD start.sh /start.sh
 RUN chmod +x /start.sh
 
diff --git a/README.md b/README.md
index cec80ae..545eb60 100644
--- a/README.md
+++ b/README.md
@@ -49,3 +49,11 @@ Run once to delete from s3 then delete the container:
         -e SECRET_KEY=myawssecret \
         -e S3_PATH=s3://my-bucket/backup/ \
         istepanov/backup-to-s3 delete
+
+Run upload to S3 using IAM roles from an EC2 instance, everyday at 12:00pm:
+
+    docker run -d \
+        -e S3_PATH=s3://my-bucket/backup/ \
+        -e 'CRON_SCHEDULE=0 12 * * *' \
+        -v /home/user/data:/data:ro \
+        istepanov/backup-to-s3
diff --git a/s3cfg b/s3cfg
deleted file mode 100644
index 10ee2df..0000000
--- a/s3cfg
+++ /dev/null
@@ -1,42 +0,0 @@
-[default]
-bucket_location = US
-cloudfront_host = cloudfront.amazonaws.com
-default_mime_type = binary/octet-stream
-delete_removed = False
-dry_run = False
-enable_multipart = True
-encoding = ANSI_X3.4-1968
-encrypt = False
-follow_symlinks = False
-force = False
-get_continue = False
-gpg_command = /usr/bin/gpg
-gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
-gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
-gpg_passphrase =
-guess_mime_type = True
-host_base = s3.amazonaws.com
-host_bucket = %(bucket)s.s3.amazonaws.com
-human_readable_sizes = False
-invalidate_on_cf = False
-list_md5 = False
-log_target_prefix =
-mime_type =
-multipart_chunk_size_mb = 15
-preserve_attrs = True
-progress_meter = True
-proxy_host =
-proxy_port = 0
-recursive = False
-recv_chunk = 4096
-reduced_redundancy = False
-send_chunk = 4096
-simpledb_host = sdb.amazonaws.com
-skip_existing = False
-socket_timeout = 300
-urlencoding_mode = normal
-use_https = True
-verbosity = WARNING
-website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
-website_error =
-website_index = index.html
diff --git a/start.sh b/start.sh
old mode 100644
new mode 100755
index 00da030..8777946
--- a/start.sh
+++ b/start.sh
@@ -2,15 +2,62 @@
 
 set -e
 
-: ${ACCESS_KEY:?"ACCESS_KEY env variable is required"}
-: ${SECRET_KEY:?"SECRET_KEY env variable is required"}
+if [[ -n "$ACCESS_KEY"  &&  -n "$SECRET_KEY" ]]; then
+    echo "
+[default]
+bucket_location = US
+cloudfront_host = cloudfront.amazonaws.com
+default_mime_type = binary/octet-stream
+delete_removed = False
+dry_run = False
+enable_multipart = True
+encoding = ANSI_X3.4-1968
+encrypt = False
+follow_symlinks = False
+force = False
+get_continue = False
+gpg_command = /usr/bin/gpg
+gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+gpg_passphrase =
+guess_mime_type = True
+host_base = s3.amazonaws.com
+host_bucket = %(bucket)s.s3.amazonaws.com
+human_readable_sizes = False
+invalidate_on_cf = False
+list_md5 = False
+log_target_prefix =
+mime_type =
+multipart_chunk_size_mb = 15
+preserve_attrs = True
+progress_meter = True
+proxy_host =
+proxy_port = 0
+recursive = False
+recv_chunk = 4096
+reduced_redundancy = False
+send_chunk = 4096
+simpledb_host = sdb.amazonaws.com
+skip_existing = False
+socket_timeout = 300
+urlencoding_mode = normal
+use_https = True
+verbosity = WARNING
+website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
+website_error =
+website_index = index.html
+access_key=$ACCESS_KEY
+secret_key=$SECRET_KEY
+" > /root/.s3cmd
+else
+    echo "No ACCESS_KEY and SECRET_KEY env variable found, assume use of IAM"
+fi
+
 : ${S3_PATH:?"S3_PATH env variable is required"}
+
 export DATA_PATH=${DATA_PATH:-/data/}
 CRON_SCHEDULE=${CRON_SCHEDULE:-0 1 * * *}
 
-echo "access_key=$ACCESS_KEY" >> /root/.s3cfg
-echo "secret_key=$SECRET_KEY" >> /root/.s3cfg
-
 if [[ "$1" == 'no-cron' ]]; then
     exec /sync.sh
 elif [[ "$1" == 'delete' ]]; then