diff --git a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
index 9cf783d..7ca6e87 100644
--- a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
+++ b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java
@@ -1,11 +1,16 @@
 package com.networknt.aws.lambda;
 
 import com.networknt.config.Config;
+import com.networknt.config.ConfigException;
 import com.networknt.config.JsonMapper;
 import org.junit.jupiter.api.Test;
 
 import java.util.Map;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
 public class LambdaInvokerConfigTest {
     private static LambdaInvokerConfig config = (LambdaInvokerConfig) Config.getInstance().getJsonObjectConfig(LambdaInvokerConfig.CONFIG_NAME, LambdaInvokerConfig.class);
 
@@ -14,4 +19,17 @@ public void testFunctionMapping() {
         Map<String, String> functions = config.getFunctions();
         System.out.println(JsonMapper.toJson(functions));
     }
+
+    @Test
+    public void testStsEnabledWithoutRoleArnThrowsConfigException() {
+        assertThrows(ConfigException.class, () -> LambdaInvokerConfig.load("lambda-invoker-sts-no-role"),
+                "ConfigException was not thrown despite stsEnabled=true with blank roleArn");
+    }
+
+    @Test
+    public void testStsEnabledWithRoleArnSucceeds() {
+        LambdaInvokerConfig stsConfig = LambdaInvokerConfig.load("lambda-invoker-sts-with-role");
+        assertNotNull(stsConfig);
+        assertEquals("arn:aws:iam::123456789012:role/TestRole", stsConfig.getRoleArn());
+    }
 }
diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml
new file mode 100644
index 0000000..9841484
--- /dev/null
+++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml
@@ -0,0 +1,2 @@
+stsEnabled: true
+roleArn:
diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml
new file mode 100644
index 0000000..7ddc658
--- /dev/null
+++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml
@@ -0,0 +1,2 @@
+stsEnabled: true
+roleArn: arn:aws:iam::123456789012:role/TestRole