diff --git a/src/commands/setup.yml b/src/commands/setup.yml
index d1072b6..0c0e6db 100644
--- a/src/commands/setup.yml
+++ b/src/commands/setup.yml
@@ -1,7 +1,8 @@
 description: |
 Installs aws-cli and then configure and store AWS credentials in ~/.aws/credentials and ~/.aws/config.
- If role_session_name and role_arn are provided, it will attempt to use OIDC auth.
+ If role_arn is set, either explicitly or by the value of $AWS_ROLE_ARN, this command will attempt to use OIDC
+ auth. If you're providing $AWS_ROLE_ARN but don't want to use OIDC auth, set disable_oidc to true.
 parameters:
 version:
@@ -77,9 +78,10 @@ parameters:
 role_arn:
 description: |
 The Amazon Resource Name (ARN) of the role that the caller is assuming.
- Role ARN must be configured for web identity.
+ Role ARN must be configured for web identity / OIDC auth.
+ (defaults to env var of ${AWS_ROLE_ARN})
 type: string
- default: ""
+ default: ${AWS_ROLE_ARN}
 role_session_name:
 description: An identifier for the assumed role session
@@ -112,6 +114,13 @@ parameters:
 description: |
 Set to true if you want to disable the AWS CLI install step.
 Default to false.
+ disable_oidc:
+ type: boolean
+ default: false
+ description: |
+ Set to true if you want don't want to use OIDC auth but are setting $AWS_ROLE_ARN. This command will otherwise
+ attempt to use OIDC auth if $AWS_ROLE_ARN is set.
+
 when:
 description: |
 Allows script to run on a specific condition of a workflow.
@@ -139,7 +148,7 @@ steps:
 condition:
 and:
 - <>
- - <>
+ - not: <>
 steps:
 - run:
 name: Assume Role with Web Identity
diff --git a/src/scripts/assume_role_with_web_identity.sh b/src/scripts/assume_role_with_web_identity.sh
index be283ad..8b5ed21 100644
--- a/src/scripts/assume_role_with_web_identity.sh
+++ b/src/scripts/assume_role_with_web_identity.sh
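Review bot: The rewritten description no longer mentions role_session_name, yet the script hunk in this same commit still exits with status 1 when the session name is empty, so a caller who only provides $AWS_ROLE_ARN will read this text as sufficient and then fail at runtime. Propose appending to the description: `role_session_name is still required whenever OIDC auth is attempted.` The unchanged first sentence reads "Installs aws-cli and then configure"; "configures" would agree with "Installs".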
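Review bot: `default: ${AWS_ROLE_ARN}` is an unquoted plain scalar where the line it replaces quoted its default (`""`); it parses as the string `${AWS_ROLE_ARN}` either way, but `default: "${AWS_ROLE_ARN}"` keeps the file's quoting style and makes it visible that this is a literal handed on to the step rather than something resolved when the config is compiled. Since the default is now a non-empty literal, any condition on this parameter holds unless the caller explicitly passes an empty string, and the parenthetical should say so rather than "defaults to env var": `(defaults to the literal "${AWS_ROLE_ARN}", which is presumably expanded when the step runs; pass "" to leave it unset)`.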
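Review bot: The new disable_oidc description has a typo, `Set to true if you want don't want to use OIDC auth`; propose `Set to true if you don't want to use OIDC auth but are setting $AWS_ROLE_ARN.` The added blank line before `when:` is the only blank line between parameter entries visible in this diff (none separates role_arn from role_session_name in the earlier hunk), so drop it unless the rest of the parameters block uses them.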
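Review bot: With role_arn now defaulting to the non-empty literal `${AWS_ROLE_ARN}` (earlier hunk in this file), the first operand of this `and:` — which appears to be a parameter reference stripped to `<>` by the rendering — no longer indicates whether an ARN was actually supplied; the condition effectively reduces to `not disable_oidc`, and the real decision moves to the script's new empty-ARN check at runtime. That is workable but non-obvious to the next reader, so add a comment above `condition:`: `# role_arn defaults to the literal "${AWS_ROLE_ARN}", so this gates only on disable_oidc; the script exits early when the variable is empty at runtime.` The enclosing step definition starts and ends outside the hunk.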
@@ -15,6 +15,11 @@ AWS_CLI_BOOL_SET_AWS_ENV_VARS="$(echo "${AWS_CLI_BOOL_SET_AWS_ENV_VARS}" | circl
 AWS_CLI_STR_ROLE_SESSION_NAME=$(printf '%s' "${AWS_CLI_STR_ROLE_SESSION_NAME}" | tr -sC 'A-Za-z0-9=,.@_\-' '-')
 AWS_CLI_STR_ROLE_SESSION_NAME=$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | cut -c -64)
+if [ -z "${AWS_CLI_STR_ROLE_ARN}" ]; then
+ echo "Role ARN is not specified. Skipping assume role with web identity."
+ exit 0
+fi
+
 if [ -z "${AWS_CLI_STR_ROLE_SESSION_NAME}" ]; then
 echo "Role session name is required"
 exit 1
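Review bot: The new `-z` guard assumes `AWS_CLI_STR_ROLE_ARN` already holds the expanded value of the `${AWS_ROLE_ARN}` default; the hunk header shows a sibling variable being passed through `circleci env subst`, but the ARN's own substitution sits above this hunk and is not visible here, and if the literal `${AWS_ROLE_ARN}` reached this line unexpanded the check would let it through to the assume-role call. Worth confirming, and worth stating on the guard: `# role_arn defaults to the literal "${AWS_ROLE_ARN}"; empty after substitution means OIDC auth was not requested`. Note also that `exit 0` turns an empty or misnamed role variable into a silent success rather than a failure — intended for the default case, but it now also masks a caller's typo, so the echoed message is the only signal an operator gets.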