diff --git a/bin/create-ec2-machine-database.sh b/bin/create-ec2-machine-database.sh
index 4ed330e..fca5480 100755
--- a/bin/create-ec2-machine-database.sh
+++ b/bin/create-ec2-machine-database.sh
@@ -58,4 +58,4 @@ aws ec2 describe-instances \
 --instance-ids $INSTANCE_ID \
 --query 'Reservations[0].Instances[0].PublicIpAddress'
-rm -f $INSTANCE_ID_FILE
+rm -f $INSTANCE_ID_FILE
\ No newline at end of file
diff --git a/bin/ec2-profile-database-development.sh b/bin/ec2-profile-database-development.sh
index 3e6f2cc..4e03266 100755
--- a/bin/ec2-profile-database-development.sh
+++ b/bin/ec2-profile-database-development.sh
@@ -7,4 +7,4 @@ KEYNAME='hackoregon-2018-database-dev-env'
 REGION='us-west-2'
 SECURITYGROUPIDS='sg-28154957'
 SUBNETID='subnet-8794fddf'
-VOLUMESIZE='8'
+VOLUMESIZE='8'
\ No newline at end of file
diff --git a/cloudformation/ec2-db.yaml b/cloudformation/ec2-db.yaml
new file mode 100644
index 0000000..c1da06a
--- /dev/null
+++ b/cloudformation/ec2-db.yaml
@@ -0,0 +1,107 @@
+# Itention:
+# Create a ec2 instance that has read permission to the existing s3 instance(s)
+
+# USAGE:
+# Run:
+# aws cloudformation create-stack --stack-name --template-body file:///absolute/path/to/this-file.yaml --capabilities CAPABILITY_NAMED_IAM
+
+# PREREQUISITES:
+# - The IAM role for this instance must already exist
+
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation to create a ec2 instance that has read permission to the existing s3 instance(s)'
+
+Parameters:
+
+ InstanceType:
+ Description: Instance type used to build the machine(s)
+ Type: String
+ Default: t2.micro
+
+ ImageId:
+ Description: AMI ID used to build the machine(s)
+ Type: String
+ Default: ami-7f43f307
+
+ AvailabilityZone:
+ Description: Avalaibility Zone to deploy within (different than region)
+ Type: String
+ Default: us-west-2a
+
+ SubnetId:
+ Description: Subnet's ID to be located at
+ Type: String
+ Default: subnet-8794fddf
+
+ SecurityGroupId:
+ Description: The Security Groups to use for the EC2 hosts
+ Type: String
+ Default: sg-28154957
+
+Resources:
+
+ DBInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ InstanceType: t2.micro # !Ref InstanceType
+ ImageId: ami-7f43f307 # !Ref ImageId
+ SecurityGroupIds:
+ -
+ sg-28154957 # !Ref SecurityGroupId
+ AvailabilityZone: us-west-2a # !Ref AvailabilityZone
+ SubnetId: subnet-8794fddf # !Ref SubnetId
+ IamInstanceProfile:
+ !Ref InstanceProfile
+ BlockDeviceMappings:
+ -
+ DeviceName: /dev/sdb # !Ref DeviceName
+ Ebs:
+ VolumeType: gp2 # !Ref VolumeType
+ VolumeSize: 8 # !Ref VolumeSize
+ DeleteOnTermination: False # True # !Ref DeleteOnTermination
+ KeyName: hackoregon-2018-database-dev-env # !Ref KeyName
+ Tags:
+ -
+ Key: Name
+ Value: DB # !Ref InstanceName
+
+ # Role:
+ # Type: AWS::IAM::Role
+ # Properties:
+ # RoleName: db-role
+ # AssumeRolePolicyDocument:
+ # Version: '2012-10-17'
+ # Statement:
+ # - Effect: Allow
+ # Principal:
+ # Service:
+ # - ec2.amazonaws.com
+ # Action:
+ # - sts:AssumeRole
+ # Path: "/"
+ # #Policies:
+ # # - !Ref RolePolicies
+
+ # RolePolicies:
+ # Type: AWS::IAM::Policy
+ # Properties:
+ # PolicyName: ec2-read-s3-policy
+ # PolicyDocument:
+ # Version: '2012-10-17'
+ # Statement:
+ # - Effect: Allow
+ # Action:
+ # - "s3:GetObject"
+ # - "s3:ListBucket"
+ # Resource: "arn:aws:s3:::hacko-data-archive/*"
+ # Roles:
+ # - !Ref Role
+
+ InstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Path: "/"
+ Roles:
+ # - !Ref Role
+ - db-role
diff --git a/cloudformation/ec2-iam-role.yaml b/cloudformation/ec2-iam-role.yaml
new file mode 100644
index 0000000..a8034f3
--- /dev/null
+++ b/cloudformation/ec2-iam-role.yaml
@@ -0,0 +1,44 @@
+# Itention:
+# Create an IAM role for EC2 instance
+
+# USAGE:
+# Run:
+# aws cloudformation create-stack --stack-name --template-body file:///absolute/path/to/this-file.yaml --capabilities CAPABILITY_NAMED_IAM
+
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create EC2 instances'
+
+Resources:
+
+ Role:
+ Type: AWS::IAM::Role
+ Properties:
+ RoleName: db-role
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ Path: "/"
+ #Policies:
+ # - !Ref RolePolicies
+
+ RolePolicies:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: ec2-read-s3-policy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - "s3:GetObject"
+ - "s3:ListBucket"
+ Resource: "arn:aws:s3:::hacko-data-archive/*"
+ Roles:
+ - !Ref Role
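Review bot: Every value under DBInstance.Properties in ec2-db.yaml is hard-coded with the intended `!Ref` left in a trailing comment, so the five entries in Parameters are dead: a `--parameters` override at create-stack time is accepted but silently has no effect, and changing the AMI, subnet or security group means editing the template. Wire the parameters in and drop the literals (rewrite below). `DeleteOnTermination: False` on /dev/sdb means the data volume outlives the instance; if that is deliberate, say so in a comment next to it (`# kept on purpose: volume holds the DB data and must survive a stack delete`), otherwise every stack delete leaves an orphaned volume and its contents behind. The InstanceProfile's `Roles: - db-role` depends by name on the role created by ec2-iam-role.yaml, which CloudFormation cannot track, so the `# - !Ref Role` comment beside it should name that stack as the provider.
```yaml
  DBInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Ref ImageId
      SecurityGroupIds:
        - !Ref SecurityGroupId
      AvailabilityZone: !Ref AvailabilityZone
      SubnetId: !Ref SubnetId
      # … unchanged: IamInstanceProfile, BlockDeviceMappings, KeyName, Tags …
```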
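Review bot: In RolePolicies of ec2-iam-role.yaml the `s3:ListBucket` action is granted on the object ARN `arn:aws:s3:::hacko-data-archive/*`, but ListBucket is evaluated against the bucket ARN itself, so as written only GetObject takes effect and a listing from the instance is denied unless some other policy grants it. Add the bucket ARN beside the object ARN: `Resource:` / `- "arn:aws:s3:::hacko-data-archive"` / `- "arn:aws:s3:::hacko-data-archive/*"` (or split into two statements so GetObject keeps only the `/*` scope). The `Description` says the template creates EC2 instances while it only creates the role and policy, and the commented-out `#Policies:` lines under Role are leftovers from the inline form. RoleName is fixed to db-role, which ec2-db.yaml's InstanceProfile references by name, so this stack must be created first; that ordering belongs in the USAGE header.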