diff --git a/.aws/cli/alias b/.aws/cli/alias
index bd45f843d18a54fb59df1aff7accda22d8eea8ea..4c3ac58ae28bcdb4af0fcbb8d695e041023621f8 100644
--- a/.aws/cli/alias
+++ b/.aws/cli/alias
@@ -11,3 +11,4 @@ metadata-region = !python3 << EOF
     EOF
 du = s3 ls --recursive --human-readable --summarize
 enable_ena = ec2 modify-instance-attribute --ena-support --instance-id
+assume-role = !assume-role
diff --git a/Documents/bin/assume-role b/Documents/bin/assume-role
new file mode 100755
index 0000000000000000000000000000000000000000..a83771952449516a8ab831a8aaad5fd81d5a7c62
--- /dev/null
+++ b/Documents/bin/assume-role
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -eu
+
+# This script runs the AWS assume-role command, captures the output, sets the
+# environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
+# AWS_SESSION_TOKEN) and executes the command given.
+
+usage() {
+    echo "$(basename "$0"): [-h|--help] ROLE_ARN COMMAND [PARAMETER [PARAMETER ...]]"
+}
+
+command -v aws > /dev/null || { echo 'Cannot find the AWS CLI, exiting.' >&2; exit 1; }
+
+if [ "$#" -lt 2 ]
+then
+    usage
+    exit 1
+fi
+
+role_arn="$1"
+shift
+
+credentials="$(aws sts assume-role \
+    --output text \
+    --duration-seconds 3600 \
+    --role-arn "$role_arn" \
+    --role-session-name 'CircleCI_executor')"
+
+AWS_ACCESS_KEY_ID="$(echo "$credentials" | awk 'NR == 2 {print $2}')"
+AWS_SECRET_ACCESS_KEY="$(echo "$credentials" | awk 'NR == 2 {print $4}')"
+AWS_SESSION_TOKEN="$(echo "$credentials" | awk 'NR == 2 {print $5}')"
+
+export AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY
+export AWS_SESSION_TOKEN
+
+unset AWS_SECURITY_TOKEN
+
+eval exec "$@"