diff --git a/README.md b/README.md
index d28bd06..ad44302 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,7 @@ Similarly, it is possible to use a web identity token to perform the assume role
 config :ex_aws,
   secret_access_key: [{:awscli, "profile_name", 30}],
   access_key_id: [{:awscli, "profile_name", 30}],
+  security_token: [{:awscli, "profile_name", 30}],
   awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter
 ```
 
diff --git a/lib/ex_aws/sts/auth_cache/assume_role_web_identity_adapter.ex b/lib/ex_aws/sts/auth_cache/assume_role_web_identity_adapter.ex
index 13a89d5..02f28c9 100644
--- a/lib/ex_aws/sts/auth_cache/assume_role_web_identity_adapter.ex
+++ b/lib/ex_aws/sts/auth_cache/assume_role_web_identity_adapter.ex
@@ -56,10 +56,11 @@ defmodule ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter do
       role_arn: env_role_arn(config),
       role_session_name: role_session_name(config),
       web_identity_token: web_identity_token(config),
-      # necessary for now due to how ExAws.request() works
+      # Prevent recursive callback from ExAws.request()
+      # by overriding configs that use :awscli
       access_key_id: "dummy",
-      # necessary for now due to how ExAws.request() works
-      secret_access_key: "dummy"
+      secret_access_key: "dummy",
+      security_token: "dummy"
     }
   end
 
diff --git a/test/lib/auth_cache/assume_role_web_identity_adapter_test.exs b/test/lib/auth_cache/assume_role_web_identity_adapter_test.exs
index 5d0865b..d6f7cfc 100644
--- a/test/lib/auth_cache/assume_role_web_identity_adapter_test.exs
+++ b/test/lib/auth_cache/assume_role_web_identity_adapter_test.exs
@@ -32,6 +32,7 @@ defmodule ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapterTest do
         role_session_name: "test",
         access_key_id: "dummy",
         secret_access_key: "dummy",
+        security_token: "dummy",
         http_client: ExAws.Request.HttpMock
       }