diff --git a/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java b/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java
index 00c0a6c..14d2e54 100644
--- a/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java
+++ b/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java
@@ -199,6 +199,7 @@ private LambdaInvokerConfig(String configName) {
 mappedConfig = Config.getInstance().getJsonMapConfig(configName);
 setConfigData();
 setConfigMap();
+ validate();
 }
 public static LambdaInvokerConfig load() {
@@ -453,4 +454,10 @@ private void setConfigMap() {
 functions = Collections.emptyMap();
 }
 }
+
+ private void validate() {
+ if (stsEnabled && (roleArn == null || roleArn.trim().isEmpty())) {
+ throw new ConfigException(ROLE_ARN + " must be configured when " + STS_ENABLED + " is true.");
+ }
+ }
 }
diff --git a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
index 9cf783d..7ca6e87 100644
--- a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
+++ b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
@@ -1,11 +1,16 @@
 package com.networknt.aws.lambda;
 import com.networknt.config.Config;
+import com.networknt.config.ConfigException;
 import com.networknt.config.JsonMapper;
 import org.junit.jupiter.api.Test;
 import java.util.Map;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
 public class LambdaInvokerConfigTest {
 private static LambdaInvokerConfig config = (LambdaInvokerConfig) Config.getInstance().getJsonObjectConfig(LambdaInvokerConfig.CONFIG_NAME, LambdaInvokerConfig.class);
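Review bot: In LambdaInvokerConfig.java, `validate()` is wired only into the private `LambdaInvokerConfig(String configName)` constructor, so any path that populates the fields without running that constructor skips the STS check. The test class in this same commit builds its static `config` through `Config.getInstance().getJsonObjectConfig(LambdaInvokerConfig.CONFIG_NAME, LambdaInvokerConfig.class)`, which presumably binds the object without going through this constructor; if production code or a reload path does the same, `stsEnabled: true` with no role is still accepted. Consider calling `validate()` from every place that sets these fields, and put a comment above the call such as `// Fail fast: never start with STS enabled and no role to assume`. The constructor's signature and opening lines sit above the hunk.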
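Review bot: `validate()` in LambdaInvokerConfig.java accepts any non-blank `roleArn`, and it trims only for the emptiness test, so a mistyped value or one with surrounding whitespace passes startup and is handed on unchanged. Because this value presumably selects the IAM role that is assumed, a shape check at load time would surface misconfiguration before the first invocation, for example `if (stsEnabled && (roleArn == null || !ROLE_ARN_PATTERN.matcher(roleArn.trim()).matches()))` with `ROLE_ARN_PATTERN` a new constant compiled from `^arn:aws[a-z-]*:iam::\d{12}:role/.+$`. A short Javadoc on `validate()` stating that it throws `ConfigException` for an inconsistent STS configuration would also help. Whether `setConfigData()` already trims the value is not visible in this hunk.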
@@ -14,4 +19,17 @@ public void testFunctionMapping() {
 Map functions = config.getFunctions();
 System.out.println(JsonMapper.toJson(functions));
 }
+
+ @Test
+ public void testStsEnabledWithoutRoleArnThrowsConfigException() {
+ assertThrows(ConfigException.class, () -> LambdaInvokerConfig.load("lambda-invoker-sts-no-role"),
+ "ConfigException was not thrown despite stsEnabled=true with blank roleArn");
+ }
+
+ @Test
+ public void testStsEnabledWithRoleArnSucceeds() {
+ LambdaInvokerConfig stsConfig = LambdaInvokerConfig.load("lambda-invoker-sts-with-role");
+ assertNotNull(stsConfig);
+ assertEquals("arn:aws:iam::123456789012:role/TestRole", stsConfig.getRoleArn());
+ }
 }
diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml
new file mode 100644
index 0000000..9841484
--- /dev/null
+++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml
@@ -0,0 +1,2 @@
+stsEnabled: true
+roleArn:
diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml
new file mode 100644
index 0000000..7ddc658
--- /dev/null
+++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml
@@ -0,0 +1,2 @@
+stsEnabled: true
+roleArn: arn:aws:iam::123456789012:role/TestRole
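Review bot: `testStsEnabledWithoutRoleArnThrowsConfigException` pins only the YAML-null `roleArn:` fixture, so the `roleArn.trim().isEmpty()` branch (a whitespace-only value) and a missing `roleArn` key are not covered, nor is the `stsEnabled: false` case that must keep loading without a role. The assertion also accepts any `ConfigException`, including one raised by an unrelated problem loading the fixture. Capturing the exception and checking its message ties the test to this rule, e.g. `ConfigException e = assertThrows(ConfigException.class, () -> LambdaInvokerConfig.load("lambda-invoker-sts-no-role"));` followed by `assertTrue(e.getMessage().contains("roleArn"));`, which needs a static import of `assertTrue` and assumes `ROLE_ARN` is the literal `roleArn`, as the fixtures suggest. The test class begins outside this hunk.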