diff --git a/deploy-cluster-aws/awscommon.py b/deploy-cluster-aws/awscommon.py
index 5f180ccd..1e413d95 100644
--- a/deploy-cluster-aws/awscommon.py
+++ b/deploy-cluster-aws/awscommon.py
@@ -3,15 +3,13 @@
 """
 
 from __future__ import unicode_literals
-import os
 
 
 # Global constants
-AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
-AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
-AWS_REGION = os.environ['AWS_REGION']
+# None yet
 
 
+# Functions
 def get_naeips(client0):
     """Get a list of (allocated) non-associated elastic IP addresses
        (NAEIPs) on EC2.
diff --git a/deploy-cluster-aws/launch_ec2_nodes.py b/deploy-cluster-aws/launch_ec2_nodes.py
index 95d78750..3c37824d 100644
--- a/deploy-cluster-aws/launch_ec2_nodes.py
+++ b/deploy-cluster-aws/launch_ec2_nodes.py
@@ -17,9 +17,6 @@ import argparse
 import botocore
 import boto3
 from awscommon import (
-    AWS_ACCESS_KEY_ID,
-    AWS_SECRET_ACCESS_KEY,
-    AWS_REGION,
     get_naeips,
 )
 
@@ -38,10 +35,7 @@ num_nodes = int(args.nodes)
 
 # Get an AWS EC2 "resource"
 # See http://boto3.readthedocs.org/en/latest/guide/resources.html
-ec2 = boto3.resource(service_name='ec2',
-                     region_name=AWS_REGION,
-                     aws_access_key_id=AWS_ACCESS_KEY_ID,
-                     aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
+ec2 = boto3.resource(service_name='ec2')
 
 # Create a client from the EC2 resource
 # See http://boto3.readthedocs.org/en/latest/guide/clients.html
diff --git a/docs/source/deploy-on-aws.md b/docs/source/deploy-on-aws.md
index 8d5bf727..55143703 100644
--- a/docs/source/deploy-on-aws.md
+++ b/docs/source/deploy-on-aws.md
@@ -14,9 +14,11 @@ That's true, but there are some reasons why one might want a centrally-controlle
 
 The instructions that follow have been tested on Ubuntu 14.04, but may also work on similar distros or operating systems.
 
-Our Python scripts for deploying to AWS use Python 2, so maybe create a Python 2 virtual environment and activate it. Then install the following Python packages (in that virtual environment):
+**Note: Our Python scripts for deploying to AWS use Python 2 because Fabric doesn't work with Python 3.**
+
+Maybe create a Python 2 virtual environment and activate it. Then install the following Python packages (in that virtual environment):
 ```text
-pip install fabric fabtools requests boto3
+pip install fabric fabtools requests boto3 awscli
 ```
 
 What did you just install?
@@ -25,8 +27,7 @@ What did you just install?
 * [fabtools](https://github.com/ronnix/fabtools) are "tools for writing awesome Fabric files"
 * [requests](http://docs.python-requests.org/en/master/) is a Python package/library for sending HTTP requests
 * "[Boto](https://boto3.readthedocs.org/en/latest/) is the Amazon Web Services (AWS) SDK for Python, which allows Python developers to write software that makes use of Amazon services like S3 and EC2." (`boto3` is the name of the latest Boto package.)
-
-Note: You _don't_ need to install `awscli` (AWS Command-Line Interface tools) but you can if you like.
+* [The aws-cli package](https://pypi.python.org/pypi/awscli), which is an AWS Command Line Interface (CLI).
 
 ## AWS Setup
 
@@ -36,21 +37,27 @@ Before you can deploy a BigchainDB cluster on AWS, you must have an AWS account.
 
 The next thing you'll need is an AWS access key. If you don't have one, you can create one using the [instructions in the AWS documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). You should get an access key ID (e.g. AKIAIOSFODNN7EXAMPLE) and a secret access key (e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
 
-Our AWS deployment scripts read the AWS access key information from environment variables. One way to set the appropriate environment variables is to edit your `~/.bashrc` file (or similar) by adding the lines:
+You should also pick a default AWS region name (e.g. `eu-central-1`). That's where your cluster will run. The AWS documentation has [a list of them](http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
+
+Once you've got your AWS access key, and you've picked a default AWS region name, go to a terminal session and enter:
 ```text
-export AWS_ACCESS_KEY_ID=[[insert AWS access key here, with no brackets]]
-export AWS_SECRET_ACCESS_KEY=[[insert AWS secret access key here, with no brackets]]
-export AWS_REGION=eu-central-1
+aws configure
 ```
 
-You can change the `AWS_REGION` to a different one if you like. (It's where the cluster will be deployed.) The AWS documentation has [a list of them](http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
-
-You can force your terminal to re-read `~/.bashrc` by using
+and answer the four questions. For example:
 ```text
-source ~/.bashrc
+AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
+AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+Default region name [None]: eu-central-1
+Default output format [None]: [Press Enter]
 ```
 
-or by opening a new terminal session.
+This writes two files: 
+
+* `~/.aws/credentials`
+* `~/.aws/config`
+
+AWS tools and packages look for those files.
 
 ### Get Enough Amazon Elastic IP Addresses