diff --git a/py/aws-assume-role.py b/py/aws-assume-role.py
new file mode 100644
index 0000000..f68d872
--- /dev/null
+++ b/py/aws-assume-role.py
@@ -0,0 +1,15 @@
+import json
+import boto3
+import base64
+
+def lambda_handler(event, context):
+    # TODO implement
+    sts_client = boto3.client('sts')
+    assumed_role_object=sts_client.assume_role(
+        RoleArn="arn:aws:iam::111122223333:role/SomeRole",
+        RoleSessionName="lambda-assumeRoleMs"
+    )
+    print("export AWS_ACCESS_KEY_ID=" + assumed_role_object['Credentials']['AccessKeyId'])
+    print("export AWS_SECRET_ACCESS_KEY=" + assumed_role_object['Credentials']['SecretAccessKey'])
+    print("export AWS_SESSION_TOKEN=" + assumed_role_object['Credentials']['SessionToken'])
+    print("export AWS_DEFAULT_REGION=ap-east-1")