diff --git a/examples/region-shared-setup/credentials.network_account.tf b/examples/region-shared-setup/credentials.network_account.tf
new file mode 100644
index 0000000..d6f4c5f
--- /dev/null
+++ b/examples/region-shared-setup/credentials.network_account.tf
@@ -0,0 +1,22 @@
+variable "os_username" {
+ description = "OS username from environment variable, ideally as $USER"
+ type = string
+ default = null
+}
+
+variable "network_role_arn" {
+ description = "AWS Role ARN of network account where shared resoruces are defined. AssumeRole will be used from this caller account."
+ type = string
+ # shluld be a different one per environment (prod, sa) in (gov, ew) in (ent, lab)
+ default = "arn:aws-us-gov:iam::057405694017:role/r-inf-tf-remote-shared-vpc"
+}
+
+provider "aws" {
+ alias = "network_account"
+ region = var.region
+ profile = var.profile
+ assume_role {
+ role_arn = var.network_role_arn
+ session_name = var.os_username
+ }
+}
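Review bot: The `default` on `network_role_arn` pins a single GovCloud account's role even though the comment directly above it says the value should differ per environment, so a caller that forgets to override it will silently assume the shared-VPC role in that one account. I would drop the `default` line so the variable is required, and optionally guard the input with a `validation` block whose condition is `can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.network_role_arn))`. In the provider block, `session_name = var.os_username` combined with `default = null` means sessions fall back to a provider-generated name unless the caller sets the variable, so CloudTrail entries for the assumed role lose operator attribution. The value is also self-asserted, so a comment such as `# audit hint only: caller-supplied; enforce in the role trust policy if attribution matters` would set expectations. The description and comment also carry typos ("resoruces", "shluld") worth fixing before merge.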