diff --git a/pkg/cloud/identity/identity.go b/pkg/cloud/identity/identity.go
index c14a667e24..223931fbf3 100644
--- a/pkg/cloud/identity/identity.go
+++ b/pkg/cloud/identity/identity.go
@@ -79,11 +79,12 @@ func GetAssumeRoleCredentials(roleIdentityProvider *AWSRolePrincipalTypeProvider
 }
 
 // NewAWSRolePrincipalTypeProvider will create a new AWSRolePrincipalTypeProvider from an AWSClusterRoleIdentity.
-func NewAWSRolePrincipalTypeProvider(identity *infrav1.AWSClusterRoleIdentity, sourceProvider *AWSPrincipalTypeProvider, log logger.Wrapper) *AWSRolePrincipalTypeProvider {
+func NewAWSRolePrincipalTypeProvider(identity *infrav1.AWSClusterRoleIdentity, sourceProvider *AWSPrincipalTypeProvider, region string, log logger.Wrapper) *AWSRolePrincipalTypeProvider {
 return &AWSRolePrincipalTypeProvider{
 credentials: nil,
 stsClient: nil,
 Principal: identity,
+ region: region,
 sourceProvider: sourceProvider,
 log: log.WithName("AWSRolePrincipalTypeProvider"),
 }
@@ -129,6 +130,7 @@ func (p *AWSStaticPrincipalTypeProvider) IsExpired() bool {
 type AWSRolePrincipalTypeProvider struct {
 Principal *infrav1.AWSClusterRoleIdentity
 credentials *credentials.Credentials
+ region string
 sourceProvider *AWSPrincipalTypeProvider
 log logger.Wrapper
 stsClient stsiface.STSAPI
@@ -153,7 +155,7 @@ func (p *AWSRolePrincipalTypeProvider) Name() string {
 // Retrieve returns the credential values for the AWSRolePrincipalTypeProvider.
 func (p *AWSRolePrincipalTypeProvider) Retrieve() (credentials.Value, error) {
 if p.credentials == nil || p.IsExpired() {
- awsConfig := aws.NewConfig()
+ awsConfig := aws.NewConfig().WithRegion(p.region)
 if p.sourceProvider != nil {
 sourceCreds, err := (*p.sourceProvider).Retrieve()
 if err != nil {
diff --git a/pkg/cloud/scope/session.go b/pkg/cloud/scope/session.go
index acf3fa3ab8..ecc492e7b7 100644
--- a/pkg/cloud/scope/session.go
+++ b/pkg/cloud/scope/session.go
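Review bot: The doc comment on `NewAWSRolePrincipalTypeProvider` in identity.go (hunk `@@ -79`) still describes only the identity argument, although the new `region` parameter decides which region the AWS config in `Retrieve` is built for. I would extend it with a second sentence, `// region is set on the AWS config that Retrieve uses to obtain the role credentials.`, and put `// region is the AWS region passed to the config built in Retrieve.` on the new struct field in hunk `@@ -129`. Because the constructor is exported, inserting a positional parameter before `log` breaks callers outside this repository, which deserves a line in the release notes. The function's closing brace is outside the hunk.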
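Review bot: In `Retrieve` (identity.go, hunk `@@ -153`), `aws.NewConfig().WithRegion(p.region)` sets the region even when `p.region` is the empty string, and nothing in this diff rejects an empty value at construction. `WithRegion("")` stores a non-nil pointer to an empty string, so depending on how `awsConfig` is consumed below the hunk it may replace a region that would otherwise come from the environment, and the role assumption could then fail with a missing-region error. Setting it only when present keeps the earlier behaviour for that case: `awsConfig := aws.NewConfig()` followed by `if p.region != "" { awsConfig.WithRegion(p.region) }`. The remainder of `Retrieve` is outside the hunk, so the effect of an empty region is inferred rather than observed.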
@@ -314,9 +314,9 @@ func buildProvidersForRef(
 }
 
 if sourceProvider != nil {
- provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, &sourceProvider, log)
+ provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, &sourceProvider, clusterScoper.Region(), log)
 } else {
- provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, nil, log)
+ provider = identity.NewAWSRolePrincipalTypeProvider(roleIdentity, nil, clusterScoper.Region(), log)
 }
 providers = append(providers, provider)
 default:
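Review bot: `clusterScoper.Region()` is captured once, when the provider is built in `buildProvidersForRef`, and the provider then holds its retrieved credentials until they expire (the `p.credentials == nil || p.IsExpired()` guard in identity.go). If provider instances are cached or de-duplicated by role identity elsewhere in this package, which this diff does not show, a provider built for one cluster's region would be reused for a cluster in a different region that shares the same role identity. Any such cache key or hash should include the region. A test that builds providers for two cluster scopes with the same role identity but different regions would pin the behaviour down. `buildProvidersForRef` starts and ends outside the hunk.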