diff --git a/roles/cloud-ec2/tasks/discover-credentials.yml b/roles/cloud-ec2/tasks/discover-credentials.yml
new file mode 100644
index 000000000..8b9a5cbbb
--- /dev/null
+++ b/roles/cloud-ec2/tasks/discover-credentials.yml
@@ -0,0 +1,35 @@
+---
+- name: "Find AWS profile and credentials file"
+ block:
+ - set_fact:
+ aws_credentials_path: "{{ lookup('env', 'HOME') }}/.aws/credentials"
+
+ - set_fact:
+ aws_credentials_path: "{{ lookup('env', 'AWS_SHARED_CREDENTIALS_FILE') }}"
+ when:
+ - lookup('env','AWS_SHARED_CREDENTIALS_FILE')|length > 0
+ - debug: var=aws_credentials_path
+
+ - set_fact:
+ aws_profile_id: "default"
+
+ - set_fact:
+ aws_profile_id: "{{ lookup('env', 'AWS_PROFILE') }}"
+ when:
+ - lookup('env','AWS_PROFILE')|length > 0
+
+- name: "Look up AWS credentials"
+ block:
+ - set_fact:
+ aws_access_key: "{{ lookup('ini', 'aws_access_key_id', section=aws_profile_id, file=aws_credentials_path) }}"
+ ignore_errors: true
+ when:
+ - aws_access_key is undefined
+ - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0
+
+ - set_fact:
+ aws_secret_key: "{{ lookup('ini', 'aws_secret_access_key', section=aws_profile_id, file=aws_credentials_path) }}"
+ ignore_errors: true
+ when:
+ - aws_secret_key is undefined
+ - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0
diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml
index 3b47b50f0..bb9cc5bf8 100644
--- a/roles/cloud-ec2/tasks/main.yml
+++ b/roles/cloud-ec2/tasks/main.yml
@@ -2,6 +2,9 @@ - name: Build python virtual environment import_tasks: venv.yml +- name: Include credential discovery + import_tasks: discover-credentials.yml + - name: Include prompts import_tasks: prompts.yml
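Review bot: The two `set_fact` tasks in the "Look up AWS credentials" block of discover-credentials.yml load `aws_access_key` and `aws_secret_key` without `no_log: true`, so the values read from the credentials file can appear in task results at `-v` or higher and in any log or callback output that records results. I would add `no_log: true` to both tasks, next to the existing `ignore_errors: true`. That `ignore_errors: true` also hides a missing or unreadable credentials file or profile section, so a wrong `AWS_PROFILE` or `AWS_SHARED_CREDENTIALS_FILE` would probably only surface later as an authentication failure; if best-effort discovery is the intent, a short comment such as `# best effort: continue without static keys if the profile has none` would record it. The bare `- debug: var=aws_credentials_path` in the first block looks like leftover debugging and could be dropped or limited to higher verbosity.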