diff --git a/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml b/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
new file mode 100644
index 00000000000..f9635498c3d
--- /dev/null
+++ b/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - Fallback to instance role STS credentials if none are explicitly provided for the aws_ec2 inventory plugin
diff --git a/lib/ansible/plugins/inventory/aws_ec2.py b/lib/ansible/plugins/inventory/aws_ec2.py
index 6254abdc227..9d3f2cf91d4 100644
--- a/lib/ansible/plugins/inventory/aws_ec2.py
+++ b/lib/ansible/plugins/inventory/aws_ec2.py
@@ -440,6 +440,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 self.aws_secret_access_key = self._options.get('aws_secret_access_key')
 self.aws_security_token = self._options.get('aws_security_token')
+ if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):
+ session = botocore.session.get_session()
+ if session.get_credentials() is not None:
+ self.aws_access_key_id = session.get_credentials().access_key
+ self.aws_secret_access_key = session.get_credentials().secret_key
+ self.aws_security_token = session.get_credentials().token
+
 if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):
 raise AnsibleError("Insufficient boto credentials found. Please provide them in your "
 "inventory configuration file or set them as environment variables.")
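Review bot: The added fallback in aws_ec2.py calls `session.get_credentials()` four times and reads `access_key`, `secret_key` and `token` one at a time; for role credentials botocore returns a refreshable object, so a refresh between reads can leave the plugin holding a key and token that do not belong together. Resolve the credentials once and assign from a single `get_frozen_credentials()` snapshot. The lookup also walks botocore's whole default provider chain (environment, shared config files, container and instance metadata), which is wider than the changelog's "instance role" wording, and it replaces an `aws_access_key_id` that was supplied without a secret, so a comment stating that, or a narrower condition, would keep the inventory from silently running under an identity the operator did not intend. The enclosing method starts and ends outside the hunk, and the hunk does not show where `botocore` is imported.

```python
        if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):
            session = botocore.session.get_session()
            credentials = session.get_credentials()
            if credentials is not None:
                # One consistent snapshot: refreshable (role) credentials can
                # rotate between separate attribute reads.
                frozen = credentials.get_frozen_credentials()
                self.aws_access_key_id = frozen.access_key
                self.aws_secret_access_key = frozen.secret_key
                self.aws_security_token = frozen.token
        # … unchanged: "Insufficient boto credentials" check and raise …
```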