The AWS Beanstalk Publisher plugin currently allows a key ID and secret key to be set. However, when jenkins is itself running inside AWS (eg on an EC2 instance) we should be able assume the credentials provided by the IAM role assigned to the server. This removes the need to store secret keys in jenkins.

This is already implemented in the S3 plugin, for reference:
https://github.com/jenkinsci/s3-plugin/blob/master/src/main/java/hudson/plugins/s3/S3Profile.java