AWS allows EC2 instances to 'inherit' an IAM policy, so that any application on that instance can have account access at the level specified in that policy.

For people like me who run Jenkins on an EC2 instance, this means that instead of having to manually specify a pair of Access + Secret keys, Jenkins could magically get account access.

http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html

i.e. if there is no access / secret key provided, then try falling back to the InstanceProfileCredentialsProvider()

Cheers,
Gavin.