diff --git a/.gitignore b/.gitignore
index 72a68b1..2a12031 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,4 @@
 .idea
-go.mod
 aws.lee
 aws.*
 .env_docker_compose
-
-!aws.go
\ No newline at end of file
diff --git a/tools/devops/cmd/deploy/aws.go b/tools/devops/cmd/deploy/aws.go
index 4708a7f..47aae18 100644
--- a/tools/devops/cmd/deploy/aws.go
+++ b/tools/devops/cmd/deploy/aws.go
@@ -3,9 +3,11 @@ package deploy
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/aws/aws-sdk-go/aws/session"
 	"io/ioutil"
 	"path/filepath"
 	"sort"
+	"strconv"
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -26,6 +28,21 @@ const (
 func GetAwsCredentials(targetEnv string) (awsCredentials, error) {
 	var creds awsCredentials
 
+	if v := getTargetEnv(targetEnv, "AWS_USE_ROLE"); v != "" {
+		creds.UseRole, _ = strconv.ParseBool(v)
+
+		sess, err := session.NewSession()
+		if err != nil {
+			return creds, errors.Wrap(err, "failed to load aws credentials from instance")
+		}
+
+		if sess.Config != nil && sess.Config.Region != nil {
+			creds.Region = *sess.Config.Region
+		}
+
+		return creds, nil
+	}
+
 	creds.AccessKeyID = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_ACCESS_KEY_ID"))
 	creds.SecretAccessKey = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_SECRET_ACCESS_KEY"))
 	creds.Region = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_REGION"))
diff --git a/tools/devops/cmd/deploy/models.go b/tools/devops/cmd/deploy/models.go
index 069c544..48308d0 100644
--- a/tools/devops/cmd/deploy/models.go
+++ b/tools/devops/cmd/deploy/models.go
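Review bot: The new `"github.com/aws/aws-sdk-go/aws/session"` import is placed inside the standard-library group between `"fmt"` and `"io/ioutil"`, while the sibling `"github.com/aws/aws-sdk-go/aws"` already sits in the second, third-party group below the blank line. goimports will reshuffle this on the next run, so move the line there now: `"github.com/aws/aws-sdk-go/aws"` followed by `"github.com/aws/aws-sdk-go/aws/session"`. `"strconv"` is correctly grouped.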
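Review bot: The early return under `if v := getTargetEnv(targetEnv, "AWS_USE_ROLE"); v != ""` is taken for any non-empty value, including "false" or a typo, because the `strconv.ParseBool` error is discarded; the caller then receives a struct with UseRole false and no access keys, which the `required_without=UseRole` tags in models.go will reject with a message that does not point at AWS_USE_ROLE. In the same branch an explicitly configured AWS_REGION is ignored in favor of whatever region the SDK session resolved, so the role path and the key path disagree on where the region comes from. Parse the value strictly, fall through to the key-based path when it is false, and prefer AWS_REGION when set. Note also that `session.NewSession()` only builds a session from the environment and shared config and does not contact the instance metadata service, so the wrapped message "failed to load aws credentials from instance" overstates what was checked; "failed to create aws session" is closer. The rest of GetAwsCredentials continues outside the hunk.
```go
	if v := getTargetEnv(targetEnv, "AWS_USE_ROLE"); v != "" {
		useRole, err := strconv.ParseBool(v)
		if err != nil {
			return creds, errors.Wrapf(err, "invalid AWS_USE_ROLE value %q", v)
		}
		creds.UseRole = useRole
	}

	if creds.UseRole {
		// Credentials come from the SDK's default chain (instance/task role);
		// only the region still has to be resolved here. AWS_REGION wins when
		// set so both credential modes honour the same variable.
		sess, err := session.NewSession()
		if err != nil {
			return creds, errors.Wrap(err, "failed to create aws session")
		}
		creds.Region = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_REGION"))
		if creds.Region == "" && sess.Config != nil && sess.Config.Region != nil {
			creds.Region = *sess.Config.Region
		}
		return creds, nil
	}

	// … unchanged: key-based credentials from AWS_ACCESS_KEY_ID etc. …
```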
@@ -170,13 +170,22 @@ func (r *serviceDeployRequest) awsSession() *session.Session {
 // AwsCredentials defines AWS credentials used for deployment. Unable to use roles when deploying
 // using gitlab CI/CD pipeline.
 type awsCredentials struct {
-	AccessKeyID     string `validate:"required"`
-	SecretAccessKey string `validate:"required"`
-	Region          string `validate:"required"`
+	AccessKeyID     string `validate:"required_without=UseRole"`
+	SecretAccessKey string `validate:"required_without=UseRole"`
+	Region          string `validate:"required_without=UseRole"`
+	UseRole         bool
 }
 
 // Session returns a new AWS Session used to access AWS services.
 func (creds awsCredentials) Session() *session.Session {
+
+	if creds.UseRole {
+		// Get an AWS session from an implicit source if no explicit
+		// configuration is provided. This is useful for taking advantage of
+		// EC2/ECS instance roles.
+		return session.Must(session.NewSession())
+	}
+
 	return session.New(
 		&aws.Config{
 			Region: aws.String(creds.Region),
diff --git a/tools/devops/cmd/deploy/service_deploy.go b/tools/devops/cmd/deploy/service_deploy.go
index 2d3b599..aec1426 100644
--- a/tools/devops/cmd/deploy/service_deploy.go
+++ b/tools/devops/cmd/deploy/service_deploy.go
@@ -68,7 +68,12 @@ func NewServiceDeployRequest(log *log.Logger, flags ServiceDeployFlags) (*servic
 	if err != nil {
 		return nil, err
 	}
-	log.Printf("\t\t\tAccessKeyID: '%s'", awsCreds.AccessKeyID)
+	if awsCreds.UseRole {
+		log.Printf("\t\t\tUsing role")
+	} else {
+		log.Printf("\t\t\tAccessKeyID: '%s'", awsCreds.AccessKeyID)
+	}
+
 	log.Printf("\t\t\tRegion: '%s'", awsCreds.Region)
 	log.Printf("\t%s\tAWS credentials valid.", tests.Success)
 }
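Review bot: The type comment on awsCredentials still says "Unable to use roles when deploying using gitlab CI/CD pipeline", which the new `UseRole bool` field now contradicts, and the field itself has no comment explaining what it switches. Replace the second sentence with something like `// When UseRole is set the static key fields are optional and the SDK's default credential chain (for example an EC2/ECS instance role) is used instead.` and give the field `// UseRole selects the SDK default credential chain instead of AccessKeyID/SecretAccessKey.`. Separately, the new branch in Session() calls `session.Must(session.NewSession())`, which panics on error, while GetAwsCredentials in this same change returns that error to the caller; since Session() cannot return an error, at least pass the already-resolved region through when it is non-empty so the role path and the key path build the same config, e.g. `return session.Must(session.NewSession(&aws.Config{Region: aws.String(creds.Region)}))` guarded by `creds.Region != ""`. The body of Session() continues outside the hunk.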
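Review bot: `log.Printf("\t\t\tUsing role")` carries no format verbs or arguments, so `log.Print("\t\t\tUsing role")` is the idiomatic call and matches the surrounding formatted lines only where formatting is actually used. Because Region is now optional when UseRole is set, the following `Region: '%s'` line can legitimately print an empty value in role mode; a reader of CI output will not notice that, so consider logging `Region: '' (resolved by SDK at runtime)` or similar when `awsCreds.Region == ""`. The enclosing NewServiceDeployRequest starts outside the hunk.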