diff --git a/examples/full-cluster/create-iam-config.sh b/examples/full-cluster/create-iam-config.sh
new file mode 100755
index 0000000..9bb68f1
--- /dev/null
+++ b/examples/full-cluster/create-iam-config.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+PROFILE=$1
+CLUSTER=$2
+REGION=$3
+
+if [ -z "$PROFILE" ]
+then
+ PROFILE=$(grep -E '^\bprofile\b *' *tfvars| sed -e 's/^.*profile.* =//' -e 's/\"//g' -e 's/^ *//' | head -n 1)
+fi
+if [ -z "$PROFILE" ]
+then
+ echo "* unable to determine profile, please pass as argument 1"
+ exit 1
+else
+ echo "* using profile $PROFILE"
+fi
+
+if [ -z "$CLUSTER" ]
+then
+ CLUSTER=$(grep -E '^\bcluster_name\b *' settings.auto.tfvars| sed -e 's/^.*cluster_name.* =//' -e 's/\"//g' -e 's/^ *//' | head -n 1)
+fi
+if [ -z "$CLUSTER" ]
+then
+ echo "* unable to determine cluster name, please pass as argument 2"
+ exit 1
+else
+ echo "* using cluster $CLUSTER"
+fi
+
+ADMINROLE=$(terraform output role_cluster-admin-role_arn)
+if [ -z "$ADMINROLE" ]
+then
+ echo "* unable to determine cluster $CLUSTER admin role. Check that you are in the correct directory an terraform has been run"
+ exit 1
+fi
+
+if [ -z "$REGION" ]
+then
+ echo "* getting region from profile $PROFILE"
+ REGION=$(aws configure --profile $PROFILE get region)
+else
+ echo "* using region $REGION"
+fi
+
+NEWPROFILE="$PROFILE-eks-$CLUSTER"
+EXISTS=$(aws configure list-profiles | grep -c "^$NEWPROFILE$")
+
+if [ $EXISTS == 0 ]
+then
+ echo "* creating new configuration profile $NEWPROFILE for assume role $ADMINROLE"
+else
+ echo "* replacing configuration for profile $NEWPROFILE for assume role $ADMINROLE"
+fi
+echo ""
+
+( echo "aws configure set profile.$NEWPROFILE.source_profile $PROFILE" ; \
+ echo "aws configure set profile.$NEWPROFILE.region $REGION" ; \
+ echo "aws configure set profile.$NEWPROFILE.role_arn $ADMINROLE" ; \
+ echo "aws configure set profile.$NEWPROFILE.role_session_name $USER" ) | sh -x
+
+echo ""
+echo "* test with: aws --profile $NEWPROFILE sts get-caller-identity"
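Review bot: The final block writes four `aws configure set` commands as text with `echo` and pipes them to `sh -x`, so `$PROFILE`, `$CLUSTER`, `$REGION`, `$ADMINROLE` and `$USER` are parsed a second time by a shell. Any whitespace or shell metacharacter in those values (taken from argv, a grep over `*tfvars`, `terraform output` and the environment) changes what gets executed against the caller's AWS configuration. Calling `aws configure set` directly with quoted arguments removes the second parse, and `set -x` inside the subshell keeps the trace. The second parse currently also strips any quotes around the `terraform output` value, so the direct form may need `terraform output -raw`, depending on the Terraform version in use (not visible here). Separately, `$REGION` can still be empty after the profile lookup and is written without a check, and `aws configure --profile $PROFILE get region` and `[ $EXISTS == 0 ]` earlier in the hunk are unquoted as well.

```shell
# … unchanged: argument defaults, profile/cluster/role/region lookup, status messages …

(
  # Trace the commands as before, but pass every value as a single quoted
  # argument so nothing is re-interpreted by a second shell.
  set -x
  aws configure set "profile.$NEWPROFILE.source_profile" "$PROFILE"
  aws configure set "profile.$NEWPROFILE.region" "$REGION"
  aws configure set "profile.$NEWPROFILE.role_arn" "$ADMINROLE"
  aws configure set "profile.$NEWPROFILE.role_session_name" "$USER"
)

# … unchanged: closing "test with" hint …
```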