diff --git a/ebs-snapshot.sh b/ebs-snapshot.sh
index 89c9b64..66af16e 100644
--- a/ebs-snapshot.sh
+++ b/ebs-snapshot.sh
@@ -27,9 +27,20 @@ set -o pipefail
 
 ## Variable Declartions ##
 
+# This URI is the same everywhere. Keep it DRY.
+latest_metadata=http://169.254.169.254/latest/meta-data/
+
 # Get Instance Details
-instance_id=$(wget -q -O- http://169.254.169.254/latest/meta-data/instance-id)
-region=$(wget -q -O- http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e 's/\([1-9]\).$/\1/g')
+instance_id=$(wget -q -O- ${latest_metadata}instance-id)
+region=$(wget -q -O- ${latest_metadata}placement/availability-zone | sed -e 's/\([1-9]\).$/\1/g')
+iam_role=$(wget -q -O- ${latest_metadata}iam/security-credentials/)
+
+# Export the rolling credentials for the iam role, if this instance has one.
+if [ -n "$iam_role" ]; then
+    export AWS_ACCESS_KEY_ID=$(wget -q -O- ${latest_metadata}iam/security-credentials/${iam_role} | grep "AccessKeyId" | cut -d ":" -f 2 | tr "," " " | tr -d '"')
+    export AWS_SECRET_ACCESS_KEY=$(wget -q -O- ${latest_metadata}iam/security-credentials/${iam_role} | grep "SecretAccessKey" | cut -d ":" -f 2 | tr "," " " | tr -d '"')
+    export AWS_SECURITY_TOKEN=$(wget -q -O- ${latest_metadata}iam/security-credentials/${iam_role} | grep "Token" | cut -d ":" -f 2 | tr "," " " | tr -d '"')
+fi
 
 # Set Logging Options
 logfile="/var/log/ebs-snapshot.log"