diff --git a/src/aws/auth.rs b/src/aws/auth.rs
index b975c2a51d02c..ee9095bfdf15f 100644
--- a/src/aws/auth.rs
+++ b/src/aws/auth.rs
@@ -114,6 +114,15 @@ pub enum AwsAuthentication {
         #[configurable(metadata(docs::examples = "develop"))]
         #[serde(default = "default_profile")]
         profile: String,
+
+        /// The [AWS region][aws_region] to send STS requests to.
+        ///
+        /// If not set, this defaults to the configured region
+        /// for the service itself.
+        ///
+        /// [aws_region]: https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints
+        #[configurable(metadata(docs::examples = "us-west-2"))]
+        region: Option<String>,
     },
 
     /// Assume the given role ARN.
@@ -244,15 +253,23 @@ impl AwsAuthentication {
             AwsAuthentication::File {
                 credentials_file,
                 profile,
+                region,
             } => {
                 // The SDK uses the default profile out of the box, but doesn't provide an optional
                 // type in the builder. We can just hardcode it so that everything works.
+                let auth_region = region.clone().map(Region::new).unwrap_or(service_region);
+                let connector = super::connector(proxy, tls_options)?;
+                let provider_config = ProviderConfig::empty()
+                    .with_region(Option::from(auth_region))
+                    .with_http_client(connector);
+
                 let profile_files = ProfileFiles::builder()
                     .with_file(ProfileFileKind::Credentials, credentials_file)
                     .build();
                 let profile_provider = ProfileFileCredentialsProvider::builder()
                     .profile_files(profile_files)
                     .profile_name(profile)
+                    .configure(&provider_config)
                     .build();
                 Ok(SharedCredentialsProvider::new(profile_provider))
             }
@@ -616,6 +633,7 @@ mod tests {
             r#"
             auth.credentials_file = "/path/to/file"
             auth.profile = "foo"
+            auth.region = "us-west-2"
         "#,
         )
         .unwrap();
@@ -624,9 +642,11 @@ mod tests {
             AwsAuthentication::File {
                 credentials_file,
                 profile,
+                region,
             } => {
                 assert_eq!(&credentials_file, "/path/to/file");
                 assert_eq!(&profile, "foo");
+                assert_eq!(region.unwrap(), "us-west-2");
             }
             _ => panic!(),
         }
@@ -642,6 +662,7 @@ mod tests {
             AwsAuthentication::File {
                 credentials_file,
                 profile,
+                ..
             } => {
                 assert_eq!(&credentials_file, "/path/to/file");
                 assert_eq!(profile, "default".to_string());