diff --git a/.evergreen/auth_aws/setup_secrets.py b/.evergreen/auth_aws/setup_secrets.py
index 8cb18949..5c52270c 100644
--- a/.evergreen/auth_aws/setup_secrets.py
+++ b/.evergreen/auth_aws/setup_secrets.py
@@ -5,38 +5,18 @@ import argparse import json import os -import yaml import boto3 def get_secrets(vaults, region, profile): """Get the driver secret values.""" # Handle local credentials. - try: - if profile is not None: - session = boto3.Session(profile_name=profile) - else: - session = boto3.Session() - client = session.client(service_name='secretsmanager', region_name=region) - except Exception: - print("Failed to connect using AWS credentials, trying with environment variables") - if "AWS_SESSION_TOKEN" not in os.environ: - if "AWS_ROLE_ARN" in os.environ: - session = boto3.Session(aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'], - aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY']) - client = session.client(service_name='sts', region_name=region) - creds = client.assume_role(RoleArn=os.environ['AWS_ROLE_ARN'], RoleSessionName='test')['Credentials'] - os.environ['AWS_ACCESS_KEY_ID'] = creds['AccessKeyId'] - os.environ['AWS_SECRET_ACCESS_KEY'] = creds['SecretAccessKey'] - os.environ['AWS_SESSION_TOKEN'] = creds['SessionToken'] - else: - raise ValueError('Missing AWS credentials') - - # Create a session using the given creds - session = boto3.Session(aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'], - aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'], - aws_session_token=os.environ['AWS_SESSION_TOKEN']) - client = session.client(service_name='secretsmanager', region_name=region) + # TODO: rectify this with how we run locally. + profile = profile or os.environ.get("AWS_PROFILE") + if "AWS_ACCESS_KEY_ID" not in os.environ and not profile: + raise ValueError("Please provide a profile (typically using AWS_PROFILE)") + session = boto3.Session(profile_name=profile) + client = session.client(service_name='secretsmanager', region_name=region) secrets = [] try: @@ -87,4 +67,6 @@ def main(): if __name__ == '__main__': + # See https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets + # for details on usage. main() 
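Review bot: The new guard `if "AWS_ACCESS_KEY_ID" not in os.environ and not profile` is stricter than boto3's own credential resolution, so credential sources that `boto3.Session()` would find on its own (an instance or container role, or a web-identity token) are rejected with a message that asks for a profile even though credentials are available. Letting the session resolve credentials and checking the outcome keeps the precondition honest: `session = boto3.Session(profile_name=profile)` followed by `if session.get_credentials() is None: raise ValueError("No AWS credentials found; provide a profile (typically using AWS_PROFILE) or credentials in the environment")`. A nonexistent profile name still raises botocore's `ProfileNotFound` from the `Session` constructor, which is presumably acceptable for a CI helper but is worth a one-line comment next to the TODO. The body of `get_secrets` continues past the end of this hunk.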
diff --git a/.evergreen/auth_aws/setup_secrets.sh b/.evergreen/auth_aws/setup_secrets.sh
new file mode 100644
index 00000000..601ef1e4
--- /dev/null
+++ b/.evergreen/auth_aws/setup_secrets.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# setup_secrets
+set -eu
+
+HERE=$(dirname $0)
+
+pushd $HERE
+. ./activate-authawsvenv.sh
+popd
+echo "Getting secrets: $@"
+python $HERE/setup_secrets.py $@
+echo "Got secrets"
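Review bot: `$0`, `$HERE` and `$@` are unquoted on the `HERE=`, `pushd` and `python` lines, so a checkout path containing whitespace or glob characters splits into several words and the script either changes into the wrong directory or passes broken arguments to setup_secrets.py; with `set -u` in effect the failure mode is an abort rather than a clear error. The lines should read `HERE=$(dirname "$0")`, `pushd "$HERE"` and `python "$HERE/setup_secrets.py" "$@"`. The `echo "Getting secrets: $@"` line writes every argument to the CI log; today the arguments appear to be vault names, a region and a profile, but if a caller ever passes credential material on the command line it will be recorded there, so consider logging only the vault names. `pushd`/`popd` also print the directory stack to stdout, which is noise in the log and can be silenced with `>/dev/null`.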