diff --git a/README.md b/README.md
index 4c8460c..7b6613d 100644
--- a/README.md
+++ b/README.md
@@ -529,4 +529,30 @@ systemctl restart docker
 3. Create ApplicationListener
 4. Add the new application listener to the `spring.factories` file in the folder `src/main/resources/META-INF`
 5. Test locally -> works
+
+##### 38.5 Refactoring Configuration to run in EC2 and PC with configured AWS credentials
+
+1. Get rid of `Access key ID` and `Secret access key`
+ - on PC we have configured credentials for AWS-CLI
+ - ~/.aws/credentials ->
+ - `[default]`
+ - `aws_access_key_id = AK...CY`
+ - `aws_secret_access_key = Fk...30`
+2. For EC2 attach IAM Role that allow access to S3 and Security Manager
+ - EC2 -> Instances -> `docker-ec2` -> Actions -> Security -> Modify IAM Role
+ - Create New IAM Role
+ - Use Case:
+ - EC2
+ - Allows EC2 instances to call AWS services on your behalf.
+ - Attach permissions policies
+ - SecretsManagerReadWrite
+ - AmazonS3FullAccess
+ - Name: `ec2-services-role`
+ - Save
+3. Deploy
+4. Test -> OK
+
+
+
+
\ No newline at end of file
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java
index 6452bc7..97e1afc 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java
@@ -1,11 +1,7 @@
 package net.shyshkin.study.fullstack.supportportal.backend.config;
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.AmazonS3ClientBuilder;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
@@ -15,16 +11,7 @@ import org.springframework.context.annotation.Profile;
 public class AmazonConfig {
 @Bean
- public AmazonS3 s3(@Value("${app.amazon-s3.access-key}") String accessKey,
- @Value("${app.amazon-s3.secret-key}") String secretKey,
- @Value("${app.amazon-s3.region}") String region) {
-
- AWSCredentials awsCredentials =
- new BasicAWSCredentials(accessKey, secretKey);
- return AmazonS3ClientBuilder
- .standard()
- .withRegion(region)
- .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
- .build();
+ public AmazonS3 s3() {
+ return AmazonS3ClientBuilder.defaultClient();
 }
 }
diff --git a/support-portal-backend/src/main/resources/application.yml b/support-portal-backend/src/main/resources/application.yml
index f5c3cc1..b35ef0a 100644
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@@ -135,9 +135,6 @@ spring:
 on-profile: image-s3
 app:
 amazon-s3:
- access-key: ${AMAZON_S3_ACCESS_KEY}
- secret-key: ${AMAZON_S3_SECRET_KEY}
- region: eu-north-1
 bucket-name: portal-user-profile-images
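Review bot: `AmazonS3ClientBuilder.defaultClient()` in the new `s3()` bean takes the region from the default provider chain as well as the credentials, and the same commit deletes `region: eu-north-1` from application.yml, so the bucket's region is no longer pinned anywhere in the project. The README only documents `~/.aws/credentials` for the workstation case; if no region is set in the AWS config file or the environment the client will fail to build, and on EC2 it will presumably pick up the instance's own region, which only works while instance and bucket share a region. Keeping the `app.amazon-s3.region` property and building with `AmazonS3ClientBuilder.standard().withRegion(region).build()` still removes the static keys, since the default credentials chain is used when no provider is set. Because the bean now acts with whatever the attached instance role grants, the `AmazonS3FullAccess` and `SecretsManagerReadWrite` policies listed in the README are much wider than the single bucket `portal-user-profile-images` this configuration names; a role policy scoped to that bucket and the specific secret would limit what the application, or anything else running on the instance, can reach.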