diff --git a/files/provision.sh b/files/provision.sh
index 1bcb49b..58afa3e 100755
--- a/files/provision.sh
+++ b/files/provision.sh
@@ -213,13 +213,13 @@ function layer_install_python_based_utils_and_libs() {
              'python-octaviaclient==2.0.0' \
              'python-openstackclient==4.0.0' \
              'pyvmomi==6.7.3' \
-             'pyyaml==3.13' \
+             'pyyaml==5.1' \
              'requests==2.23.0' \
              'sh==1.12.14' \
              'sshuttle==0.78.5' \
              'structlog==20.1.0' \
              'urllib3==1.25.8' \
-             'virtualenv==20.0.4' \
+             'virtualenv==20.0.8' \
              'yamllint==1.20.0' \
              'yapf' \
              'yq' && \
diff --git a/files/usr/local/bin/assume-role b/files/usr/local/bin/assume-role
new file mode 100644
index 0000000..6cdd516
--- /dev/null
+++ b/files/usr/local/bin/assume-role
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash -x
+
+aws_account_id=${1:-""}
+aws_assume_role=${2:-""}
+aws_role_session=${3:-${USER}}-"$aws_assume_role"
+
+unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+
+if [ -z "$aws_account_id" ]
+then
+  echo "Missing account_id"
+  usage()
+fi
+
+if [ -z "$aws_assume_role" ]
+then
+  echo "Missing assume_role"
+  usage()
+fi
+
+credentials=$(aws sts assume-role \
+    --role-arn arn:aws:iam::${aws_account_id}:role/${aws_assume_role} \
+    --role-session-name ${aws_role_session}\@cisco.com \
+    --query Credentials --output=json)
+
+
+export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r '.AccessKeyId')
+export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r '.SecretAccessKey')
+export AWS_SESSION_TOKEN=$(echo $credentials | jq -r '.SessionToken')
+
+
+usage() {
+  echo "assume-role <account_id> <assume_role> (session_name)\n"
+  echo "Required: account_id, assume_role\n"
+  echo 'Optional: session_name '
+}