diff --git a/vault/provider.go b/vault/provider.go
index 43d7da43e..b00aae9b3 100644
--- a/vault/provider.go
+++ b/vault/provider.go
@@ -344,6 +344,7 @@ func (p *VaultProvider) assumeRole(creds credentials.Value, roleArn string) (sts
 type KeyringProvider struct {
 	Keyring keyring.Keyring
 	Profile string
+	Region  string
 }
 
 func (p *KeyringProvider) IsExpired() bool {
diff --git a/vault/rotator.go b/vault/rotator.go
index 92973aa78..bd0c69e30 100644
--- a/vault/rotator.go
+++ b/vault/rotator.go
@@ -34,6 +34,7 @@ func (r *Rotator) Rotate(profile string) error {
 	provider := &KeyringProvider{
 		Keyring: r.Keyring,
 		Profile: source.Name,
+		Region:  source.Region,
 	}
 
 	oldMasterCreds, err := provider.Retrieve()
@@ -41,7 +42,7 @@ func (r *Rotator) Rotate(profile string) error {
 		return err
 	}
 
-	oldSess := session.New(&aws.Config{
+	oldSess := session.New(&aws.Config{Region: aws.String(provider.Region),
 		Credentials: credentials.NewCredentials(&credentials.StaticProvider{Value: oldMasterCreds}),
 	})
 
@@ -84,7 +85,7 @@ func (r *Rotator) Rotate(profile string) error {
 		iamUserName = aws.String(currentUserName)
 	}
 
-	oldSessionClient := iam.New(session.New(&aws.Config{
+	oldSessionClient := iam.New(session.New(&aws.Config{Region: aws.String(provider.Region),
 		Credentials: credentials.NewCredentials(&credentials.StaticProvider{Value: oldSessionVal}),
 	}))
 
@@ -131,7 +132,7 @@ func (r *Rotator) Rotate(profile string) error {
 			return err
 		}
 
-		newClient := iam.New(session.New(&aws.Config{
+		newClient := iam.New(session.New(&aws.Config{Region: aws.String(provider.Region),
 			Credentials: credentials.NewCredentials(&credentials.StaticProvider{Value: newVal}),
 		}))