diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml
index b331964..0c60ce6 100644
--- a/group_vars/aws_node_local.yml
+++ b/group_vars/aws_node_local.yml
@@ -139,7 +139,8 @@ atl_tomcat_secure: "{{ lookup('env', 'ATL_TOMCAT_SECURE') or 'false' }}"
 
 atl_fileserver_host: "{{ lookup('env', 'ATL_FILESERVER_IP') }}"
 atl_elasticsearch_host: "{{ lookup('env', 'ATL_ELASTICSEARCH_HOST') }}"
-atl_elasticsearch_endpoint: "http://{{ atl_elasticsearch_host }}"
+atl_elasticsearch_protocol: "{{ lookup('env', 'ATL_ELASTICSEARCH_PROTOCOL') or 'http' }}"
+atl_elasticsearch_endpoint: "{{ atl_elasticsearch_protocol }}://{{ atl_elasticsearch_host }}"
 atl_elasticsearch_s3_bucket: "{{ lookup('env', 'ATL_ELASTICSEARCH_S3_BUCKET') }}"
 
 atl_nfs_server_device: "{{ lookup('env', 'ATL_NFS_SERVER_DEVICE') }}"
diff --git a/roles/bitbucket_config/defaults/main.yaml b/roles/bitbucket_config/defaults/main.yaml
index 1ae8340..9cdc3c7 100644
--- a/roles/bitbucket_config/defaults/main.yaml
+++ b/roles/bitbucket_config/defaults/main.yaml
@@ -3,3 +3,7 @@
 atl_bitbucket_license_key: "{{ lookup('env', 'ATL_BB_LICENSEKEY') }}"
 atl_bitbucket_properties_raw: "{{ lookup('env', 'ATL_BITBUCKET_PROPERTIES') }}"
 atl_bitbucket_properties: "{{ atl_bitbucket_properties_raw.split(' ') | reject('equalto', '') | list }}"
+
+atl_elasticsearch_username: "{{ lookup('env', 'ATL_ELASTICSEARCH_USERNAME') }}"
+atl_elasticsearch_password: "{{ lookup('env', 'ATL_ELASTICSEARCH_PASSWORD') }}"
+elasticsearch_should_auth_with_iam: "{{ atl_elasticsearch_username is not defined and atl_aws_region is defined }}"
\ No newline at end of file
diff --git a/roles/bitbucket_config/templates/bitbucket.properties.j2 b/roles/bitbucket_config/templates/bitbucket.properties.j2
index 3551c5b..d978cf6 100644
--- a/roles/bitbucket_config/templates/bitbucket.properties.j2
+++ b/roles/bitbucket_config/templates/bitbucket.properties.j2
@@ -12,8 +12,13 @@ hazelcast.network.aws.region={{ atl_aws_region }}
 hazelcast.network.aws.tag.value={{ atl_aws_stack_name }}
 hazelcast.group.name={{ atl_aws_stack_name }}
 hazelcast.group.password={{ atl_aws_stack_name }}
-plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
 plugin.search.elasticsearch.baseurl={{ atl_elasticsearch_endpoint }}
+{% if elasticsearch_should_auth_with_iam == 'true' %}
+plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
+{% else %}
+plugin.search.elasticsearch.username={{ atl_elasticsearch_username }}
+plugin.search.elasticsearch.password={{ atl_elasticsearch_password }}
+{% endif %}
 setup.displayName=Bitbucket
 setup.baseUrl = {{ atl_bitbucket_baseurl }}
 setup.license={{ atl_bitbucket_license_key }}