diff --git a/README.md b/README.md
index fdab445..6adf48b 100644
--- a/README.md
+++ b/README.md
@@ -95,15 +95,20 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | Name                        | Description                                                                                                                                                                                                              |  Type  | Default  | Required |
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----: | :------: | :------: |
 | cluster_name                | Name of the EKS cluster. Also used as a prefix in names of related resources.                                                                                                                                            | string |    -     |   yes    |
-| cluster_security_group_id   | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `` | no  |
+| cluster_security_group_id   | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string |    ``    |    no    |
 | cluster_version             | Kubernetes version to use for the EKS cluster.                                                                                                                                                                           | string |  `1.10`  |    no    |
 | config_output_path          | Determines where config files are placed if using configure_kubectl_session and you want config files to land outside the current working directory.                                                                     | string |   `./`   |    no    |
 | configure_kubectl_session   | Configure the current session's kubectl to use the instantiated EKS cluster.                                                                                                                                             | string |  `true`  |    no    |
+| kubeconfig_context_name     | Name of the kubeconfig context.                                                                                                                                                                                          |  map   |  `aws`   |    no    |
+| kubeconfig_user_name        | Name of the kubeconfig user.                                                                                                                                                                                             |  map   |  `aws`   |    no    |
+| kubeconfig_aws_authenticator_command         | Command to use to to fetch AWS EKS credentials                                                                                                                                                          |  map   | `heptio-authenticator-aws` | no |
+| kubeconfig_aws_authenticator_additional_args | Any additional arguments to pass to the authenticator such as the role to assume `["-r", "MyEksRole"]`                                                                                                  |  map   | `<list>` |    no    |
+| kubeconfig_aws_authenticator_env_variables   | Environment variables that should be used when executing the authenticator i.e. `{ AWS_PROFILE = "eks"}`                                                                                                |  map   | `<map>`  |    no    |
 | subnets                     | A list of subnets to place the EKS cluster and workers within.                                                                                                                                                           |  list  |    -     |   yes    |
 | tags                        | A map of tags to add to all resources.                                                                                                                                                                                   | string | `<map>`  |    no    |
 | vpc_id                      | VPC where the cluster and workers will be deployed.                                                                                                                                                                      | string |    -     |   yes    |
 | worker_groups               | A list of maps defining worker group configurations. See workers_group_defaults for valid keys.                                                                                                                          |  list  | `<list>` |    no    |
-| worker_security_group_id    | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster.                                              | string | `` | no  |
+| worker_security_group_id    | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster.                                              | string |    ``    |    no    |
 | worker_sg_ingress_from_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443).                                   | string |  `1025`  |    no    |
 | workers_group_defaults      | Default values for target groups as defined by the list of maps.                                                                                                                                                         |  map   | `<map>`  |    no    |
 | workstation_cidr            | Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32.                                                                                              | string |    -     |    no    |
diff --git a/data.tf b/data.tf
index 9fe0727..c47075f 100644
--- a/data.tf
+++ b/data.tf
@@ -44,14 +44,33 @@ data "aws_iam_policy_document" "cluster_assume_role_policy" {
   }
 }
 
-data template_file kubeconfig {
+data "template_file" "kubeconfig" {
   template = "${file("${path.module}/templates/kubeconfig.tpl")}"
 
   vars {
-    cluster_name        = "${var.cluster_name}"
-    endpoint            = "${aws_eks_cluster.this.endpoint}"
-    region              = "${data.aws_region.current.name}"
-    cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}"
+    cluster_name                      = "${var.cluster_name}"
+    endpoint                          = "${aws_eks_cluster.this.endpoint}"
+    region                            = "${data.aws_region.current.name}"
+    cluster_auth_base64               = "${aws_eks_cluster.this.certificate_authority.0.data}"
+    context_name                      = "${var.kubeconfig_context_name}"
+    user_name                         = "${var.kubeconfig_user_name}"
+    aws_authenticator_command         = "${var.kubeconfig_aws_authenticator_command}"
+    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : "" }"
+    aws_authenticator_env_variables   = "${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}"
+  }
+}
+
+data "template_file" "aws_authenticator_env_variables" {
+  template = <<EOF
+        - name: $${key}
+          value: $${value}
+EOF
+
+  count = "${length(var.kubeconfig_aws_authenticator_env_variables)}"
+
+  vars {
+    value = "${element(values(var.kubeconfig_aws_authenticator_env_variables), count.index)}"
+    key   = "${element(keys(var.kubeconfig_aws_authenticator_env_variables), count.index)}"
   }
 }
 
diff --git a/templates/config-map-aws-auth.yaml.tpl b/templates/config-map-aws-auth.yaml.tpl
index e5bf4fa..746817f 100644
--- a/templates/config-map-aws-auth.yaml.tpl
+++ b/templates/config-map-aws-auth.yaml.tpl
@@ -1,12 +1,12 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: aws-auth
-  namespace: kube-system
-data:
-  mapRoles: |
-    - rolearn: ${role_arn}
-      username: system:node:{{EC2PrivateDNSName}}
-      groups:
-        - system:bootstrappers
-        - system:nodes
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aws-auth
+  namespace: kube-system
+data:
+  mapRoles: |
+    - rolearn: ${role_arn}
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes
diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl
index 9f9dc78..7babdb5 100644
--- a/templates/kubeconfig.tpl
+++ b/templates/kubeconfig.tpl
@@ -1,27 +1,29 @@
-apiVersion: v1
-preferences: {}
-kind: Config
-
-clusters:
-- cluster:
-    server: ${endpoint}
-    certificate-authority-data: ${cluster_auth_base64}
-  name: kubernetes
-
-contexts:
-- context:
-    cluster: kubernetes
-    user: aws
-  name: aws
-current-context: aws
-
-users:
-- name: aws
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1alpha1
-      command: heptio-authenticator-aws
-      args:
-        - "token"
-        - "-i"
-        - "${cluster_name}"
+apiVersion: v1
+preferences: {}
+kind: Config
+
+clusters:
+- cluster:
+    server: ${endpoint}
+    certificate-authority-data: ${cluster_auth_base64}
+  name: ${cluster_name}
+
+contexts:
+- context:
+    cluster: ${cluster_name}
+    user: ${user_name}
+  name: ${context_name}
+current-context: ${context_name}
+
+users:
+- name: ${user_name}
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      command: ${aws_authenticator_command}
+      args:
+        - "token"
+        - "-i"
+        - "${cluster_name}"
+${aws_authenticator_additional_args}
+${aws_authenticator_env_variables}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 612dcc0..4bfb415 100644
--- a/variables.tf
+++ b/variables.tf
@@ -78,3 +78,28 @@ variable "worker_sg_ingress_from_port" {
   description = "Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443)."
   default     = "1025"
 }
+
+variable "kubeconfig_context_name" {
+  description = "Name of the kubeconfig context."
+  default     = "aws"
+}
+
+variable "kubeconfig_user_name" {
+  description = "Name of the kubeconfig user."
+  default     = "aws"
+}
+
+variable "kubeconfig_aws_authenticator_command" {
+  description = "Command to use to to fetch AWS EKS credentials"
+  default     = "heptio-authenticator-aws"
+}
+
+variable "kubeconfig_aws_authenticator_additional_args" {
+  description = "Any additional arguments to pass to the authenticator such as the role to assume [\"-r\", \"MyEksRole\"]"
+  default     = []
+}
+
+variable "kubeconfig_aws_authenticator_env_variables" {
+  description = "Environment variables that should be used when executing the authenticator i.e. { AWS_PROFILE = \"eks\"}"
+  default     = {}
+}