diff --git a/manifests/init.pp b/manifests/init.pp
index 239f96f..9dbbeb4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -28,6 +28,7 @@
   # S3
   $aws_access_key       = $::backup::params::aws_access_key,
   $aws_secret_key       = $::backup::params::aws_secret_key,
+  $use_iam_profile      = $::backup::params::use_iam_profile,
   $bucket               = $::backup::params::bucket,
   $aws_region           = $::backup::params::aws_region,
   # Remote storage common
diff --git a/manifests/job.pp b/manifests/job.pp
index d103c8a..9c8c52e 100644
--- a/manifests/job.pp
+++ b/manifests/job.pp
@@ -47,6 +47,7 @@
   # S3
   $aws_access_key      = $::backup::aws_access_key,
   $aws_secret_key      = $::backup::aws_secret_key,
+  $use_iam_profile     = $::backup::use_iam_profile,
   $bucket              = $::backup::bucket,
   $aws_region          = $::backup::aws_region,
   $reduced_redundancy  = $::backup::reduced_redundancy,
@@ -195,13 +196,16 @@
   # S3
   if $storage_type == 's3' {
     validate_bool($reduced_redundancy)
+    validate_bool($use_iam_profile)
+    
+    if !$use_iam_profile {
+      if !$aws_access_key or !is_string($aws_access_key) {
+        fail("[Backup::Job::${name}]: Parameter aws_access_key is required for S3 storage")
+      }
 
-    if !$aws_access_key or !is_string($aws_access_key) {
-      fail("[Backup::Job::${name}]: Parameter aws_access_key is required for S3 storage")
-    }
-
-    if !$aws_secret_key or !is_string($aws_secret_key) {
-      fail("[Backup::Job::${name}]: Parameter aws_secret_key is required for S3 storage")
+      if !$aws_secret_key or !is_string($aws_secret_key) {
+        fail("[Backup::Job::${name}]: Parameter aws_secret_key is required for S3 storage")
+      }
     }
 
     if !$bucket or !is_string($bucket) {
@@ -456,6 +460,7 @@
     # Template uses
     # - $aws_access_key
     # - $aws_secret_key
+    # - $use_iam_profile
     # - $path
     # - $aws_region
     # - $bucket
diff --git a/manifests/params.pp b/manifests/params.pp
index c2d6761..d1a5408 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -43,6 +43,7 @@
   # S3
   $aws_access_key       = undef
   $aws_secret_key       = undef
+  $use_iam_profile      = false
   $bucket               = undef
   $aws_region           = undef
   $reduced_redundancy   = false
diff --git a/templates/job/s3.erb b/templates/job/s3.erb
index 8d843b4..34a2963 100644
--- a/templates/job/s3.erb
+++ b/templates/job/s3.erb
@@ -2,8 +2,12 @@
   # Amazon Simple Storage Service [Storage]
   #
   store_with S3 do |s3|
+<% if @use_iam_profile -%>
+    s3.use_iam_profile   = true
+<% else -%>
     s3.access_key_id     = "<%= @aws_access_key -%>"
     s3.secret_access_key = "<%= @aws_secret_key -%>"
+<% end -%>
     s3.path              = "<%= @_path -%>"
     s3.bucket            = "<%= @bucket -%>"
 <% if @aws_region -%>
@@ -14,5 +18,5 @@
 <% end -%>
 <% if @reduced_redundancy -%>
     s3.storage_class     = :reduced_redundancy
-<% end -%>
+<% end %>
   end