diff --git a/bootstrap/crossplane/kustomization.yaml b/bootstrap/crossplane/kustomization.yaml
index 7bb9678..3f78f1c 100644
--- a/bootstrap/crossplane/kustomization.yaml
+++ b/bootstrap/crossplane/kustomization.yaml
@@ -11,7 +11,9 @@ helmCharts:
 resources:
   - ns.yaml
-  - providerconfig.yaml
+  - providerconfig.default.yaml
+  - providerconfig.route53.yaml
+  - providerconfig.s3.yaml
 generators:
   - secret-generator.yaml
diff --git a/bootstrap/crossplane/providerconfig.yaml b/bootstrap/crossplane/providerconfig.default.yaml
similarity index 79%
rename from bootstrap/crossplane/providerconfig.yaml
rename to bootstrap/crossplane/providerconfig.default.yaml
index af5b011..c975762 100644
--- a/bootstrap/crossplane/providerconfig.yaml
+++ b/bootstrap/crossplane/providerconfig.default.yaml
@@ -6,13 +6,12 @@ metadata:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
+  assumeRoleChain:
+    - roleARN: "arn:aws:iam::000654387266:role/CrossplaneServiceRole"
+
   credentials:
     source: Secret
     secretRef:
       namespace: crossplane-system
       name: aws-secret
       key: creds
-
-  assumeRole:
-    roleARN: "arn:aws:iam::000654387266:role/crossplane"
-
diff --git a/bootstrap/crossplane/providerconfig.route53.yaml b/bootstrap/crossplane/providerconfig.route53.yaml
new file mode 100644
index 0000000..f1a0153
--- /dev/null
+++ b/bootstrap/crossplane/providerconfig.route53.yaml
@@ -0,0 +1,18 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: route53
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  assumeRoleChain:
+    - roleARN: "arn:aws:iam::000654387266:role/CrossplaneServiceRole"
+    - roleARN: "arn:aws:iam::000654387266:role/Route53ManagementRole"
+
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: creds
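Review bot: The new `assumeRoleChain` in providerconfig.default.yaml stops at `CrossplaneServiceRole`, and nothing in the file records what that role is meant to be allowed to do or that the static credentials in `aws-secret` only need `sts:AssumeRole` on it; since this file is the renamed default ProviderConfig (its `metadata.name` is outside the hunk, so this is inferred from the rename target), every managed resource without a `providerConfigRef` will silently use this chain. Suggest a comment above the added `assumeRoleChain:` line: `# Base hop shared by all ProviderConfigs: the static creds in aws-secret should only be able to sts:AssumeRole this role; per-service configs chain a narrower role after it.` The same ARN is repeated verbatim as the first hop in providerconfig.route53.yaml and providerconfig.s3.yaml, so a kustomize replacement or at least a comment naming the shared role would keep the three from drifting apart. The blank `+` line between the chain entry and `credentials:` is harmless but unusual inside a `spec` mapping.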
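Review bot: The two-hop chain in providerconfig.route53.yaml (and identically in providerconfig.s3.yaml) has no comment stating the trust relationship it depends on: the provider assumes the entries in order, so `Route53ManagementRole` must trust `CrossplaneServiceRole` rather than the principal behind `aws-secret`, and a resource only gets this narrowed role if it sets `providerConfigRef` to `route53`, otherwise it falls back to the default ProviderConfig. Suggest a comment above `assumeRoleChain:`: `# Hop 1 is the shared base role; hop 2 is the service-scoped role and must trust hop 1. Managed resources must reference this ProviderConfig by name to use it.` Apart from the second hop, the file is a verbatim copy of providerconfig.default.yaml, so any later change to the secret reference or the base role has to be made in three places; noting that in the comment, or deriving the files from one base with a kustomize patch, would make that explicit.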
diff --git a/bootstrap/crossplane/providerconfig.s3.yaml b/bootstrap/crossplane/providerconfig.s3.yaml
new file mode 100644
index 0000000..15d47f0
--- /dev/null
+++ b/bootstrap/crossplane/providerconfig.s3.yaml
@@ -0,0 +1,18 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: s3
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  assumeRoleChain:
+    - roleARN: "arn:aws:iam::000654387266:role/CrossplaneServiceRole"
+    - roleARN: "arn:aws:iam::000654387266:role/S3ManageHomelab"
+
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: creds