diff --git a/README.md b/README.md
index 9fd3c82..e2807c4 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis
 ## commands
 
 ```
-redis:backup <name> <bucket>   Create a backup of the redis service to an existing s3 bucket
+redis:backup <name> <bucket> [--use-iam] Create a backup of the redis service to an existing s3 bucket
 redis:backup-auth <name> <aws_access_key_id> <aws_secret_access_key> (<aws_default_region>) (<aws_signature_version>) (<endpoint_url>) Sets up authentication for backups on the redis service
 redis:backup-deauth <name>     Removes backup authentication for the redis service
 redis:backup-schedule <name> <schedule> <bucket> Schedules a backup of the redis service
@@ -58,7 +58,7 @@ dokku redis:create lolipop
 
 # you can also specify custom environment
 # variables to start the redis service
-# in semi-colon separated forma
+# in semi-colon separated form
 export REDIS_CUSTOM_ENV="USER=alpha;HOST=beta"
 dokku redis:create lolipop
 
@@ -181,6 +181,10 @@ OR
 
 Datastore backups are supported via AWS S3 and S3 compatible services like [minio](https://github.com/minio/minio).
 
+You may skip the `backup-auth` step if your dokku install is running within EC2
+and has access to the bucket via an IAM profile. In that case, use the `--use-iam`
+option with the `backup` command.
+
 Backups can be performed using the backup commands:
 
 ```
diff --git a/common-functions b/common-functions
index eda9951..0674f7b 100755
--- a/common-functions
+++ b/common-functions
@@ -105,13 +105,19 @@ service_alternative_alias() {
 
 service_backup() {
   declare desc="Creates a backup of a service to an existing s3 bucket"
-  declare SERVICE="$1" BUCKET_NAME="$2"
+  declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
   local BACKUP_CONFIG_ROOT="$PLUGIN_DATA_ROOT/$SERVICE/backup"
   local AWS_ACCESS_KEY_ID_FILE="$BACKUP_CONFIG_ROOT/AWS_ACCESS_KEY_ID"
   local AWS_SECRET_ACCESS_KEY_FILE="$BACKUP_CONFIG_ROOT/AWS_SECRET_ACCESS_KEY"
+  local BACKUP_PARAMETERS=""
 
-  [[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
-  [[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
+  if [[ -z "$S3_FLAG" ]]; then
+    [[ ! -f "$AWS_ACCESS_KEY_ID_FILE" ]] && dokku_log_fail "Missing AWS_ACCESS_KEY_ID file"
+    [[ ! -f "$AWS_SECRET_ACCESS_KEY_FILE" ]] && dokku_log_fail "Missing AWS_SECRET_ACCESS_KEY file"
+    BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE") -e AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE")"
+  elif [[ $S3_FLAG != "--use-iam" ]]; then
+    dokku_log_fail "Provide AWS credentials or use the --use-iam flag"
+  fi
 
   TMPDIR=$(mktemp -d)
   trap 'rm -rf "$TMPDIR" > /dev/null' RETURN INT TERM EXIT
@@ -119,11 +125,9 @@ service_backup() {
   (service_export "$SERVICE" > "${TMPDIR}/export")
 
   # Build parameter list for s3backup tool
-  BACKUP_PARAMETERS="-e AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_FILE") \
-                     -e AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_FILE") \
-                     -e BUCKET_NAME=$BUCKET_NAME \
-                     -e BACKUP_NAME=${PLUGIN_COMMAND_PREFIX}-${SERVICE} \
-                     -v ${TMPDIR}:/backup"
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e BUCKET_NAME=$BUCKET_NAME"
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e BACKUP_NAME=${PLUGIN_COMMAND_PREFIX}-${SERVICE}"
+  BACKUP_PARAMETERS="$BACKUP_PARAMETERS -v ${TMPDIR}:/backup"
 
   if [[ -f "$BACKUP_CONFIG_ROOT/AWS_DEFAULT_REGION" ]]; then
     BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e AWS_DEFAULT_REGION=$(cat "$BACKUP_CONFIG_ROOT/AWS_DEFAULT_REGION")"
diff --git a/subcommands/backup b/subcommands/backup
index a68cf8a..cb115d6 100755
--- a/subcommands/backup
+++ b/subcommands/backup
@@ -7,12 +7,12 @@ source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"
 redis-backup-cmd() {
   declare desc="creates a backup of the $PLUGIN_SERVICE service to an existing s3 bucket"
   local cmd="$PLUGIN_COMMAND_PREFIX:backup" argv=("$@"); [[ ${argv[0]} == "$cmd" ]] && shift 1
-  declare SERVICE="$1" BUCKET_NAME="$2"
+  declare SERVICE="$1" BUCKET_NAME="$2" S3_FLAG="$3"
 
   [[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
   [[ -z "$BUCKET_NAME" ]] && dokku_log_fail "Please specify an aws bucket for the backup"
   verify_service_name "$SERVICE"
-  service_backup "$SERVICE" "$BUCKET_NAME"
+  service_backup "$SERVICE" "$BUCKET_NAME" "$S3_FLAG"
 }
 
 redis-backup-cmd "$@"