diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/STSCredentialsProvider.h b/src/aws-cpp-sdk-core/include/aws/core/auth/STSCredentialsProvider.h
index 720006592c9..83d40cd4993 100644
--- a/src/aws-cpp-sdk-core/include/aws/core/auth/STSCredentialsProvider.h
+++ b/src/aws-cpp-sdk-core/include/aws/core/auth/STSCredentialsProvider.h
@@ -25,7 +25,7 @@ namespace Aws
         class AWS_CORE_API STSAssumeRoleWebIdentityCredentialsProvider : public AWSCredentialsProvider
         {
         public:
-            STSAssumeRoleWebIdentityCredentialsProvider();
+            STSAssumeRoleWebIdentityCredentialsProvider(Aws::Client::ClientConfiguration config = {Aws::Client::ClientConfigurationInitValues{true}});
 
             /**
              * Retrieves the credentials if found, otherwise returns empty credential set.
diff --git a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
index 7747d86951c..f58f492a58b 100644
--- a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
@@ -32,24 +32,18 @@ using Aws::Utils::Threading::WriterLockGuard;
 static const char STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG[] = "STSAssumeRoleWithWebIdentityCredentialsProvider";
 static const int STS_CREDENTIAL_PROVIDER_EXPIRATION_GRACE_PERIOD = 5 * 1000;
 
-STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentialsProvider() :
+STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentialsProvider(Aws::Client::ClientConfiguration config) :
     m_initialized(false)
 {
     // check environment variables
-    Aws::String tmpRegion = Aws::Environment::GetEnv("AWS_DEFAULT_REGION");
     m_roleArn = Aws::Environment::GetEnv("AWS_ROLE_ARN");
     m_tokenFile = Aws::Environment::GetEnv("AWS_WEB_IDENTITY_TOKEN_FILE");
     m_sessionName = Aws::Environment::GetEnv("AWS_ROLE_SESSION_NAME");
 
     // check profile_config if either m_roleArn or m_tokenFile is not loaded from environment variable
-    // region source is not enforced, but we need it to construct sts endpoint, if we can't find from environment, we should check if it's set in config file.
-    if (m_roleArn.empty() || m_tokenFile.empty() || tmpRegion.empty())
+    if (m_roleArn.empty() || m_tokenFile.empty())
     {
         auto profile = Aws::Config::GetCachedConfigProfile(Aws::Auth::GetConfigProfileName());
-        if (tmpRegion.empty())
-        {
-            tmpRegion = profile.GetRegion();
-        }
         // If either of these two were not found from environment, use whatever found for all three in config file
         if (m_roleArn.empty() || m_tokenFile.empty())
         {
@@ -79,15 +73,6 @@ STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentials
         AWS_LOGSTREAM_DEBUG(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, "Resolved role_arn from profile_config or environment variable to be " << m_roleArn);
     }
 
-    if (tmpRegion.empty())
-    {
-        tmpRegion = Aws::Region::US_EAST_1;
-    }
-    else
-    {
-        AWS_LOGSTREAM_DEBUG(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, "Resolved region from profile_config or environment variable to be " << tmpRegion);
-    }
-
     if (m_sessionName.empty())
     {
         m_sessionName = Aws::Utils::UUID::PseudoRandomUUID();
@@ -97,15 +82,13 @@ STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentials
         AWS_LOGSTREAM_DEBUG(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, "Resolved session_name from profile_config or environment variable to be " << m_sessionName);
     }
 
-    Aws::Client::ClientConfiguration config;
     config.scheme = Aws::Http::Scheme::HTTPS;
-    config.region = tmpRegion;
 
-    Aws::Vector<Aws::String> retryableErrors;
-    retryableErrors.push_back("IDPCommunicationError");
-    retryableErrors.push_back("InvalidIdentityToken");
+    if (config.retryStrategy == nullptr) {
+        Aws::Vector<Aws::String> retryableErrors{ "IDPCommunicationError", "InvalidIdentityToken" };
 
-    config.retryStrategy = Aws::MakeShared<SpecifiedRetryableErrorsRetryStrategy>(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, retryableErrors, 3/*maxRetries*/);
+        config.retryStrategy = Aws::MakeShared<SpecifiedRetryableErrorsRetryStrategy>(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, std::move(retryableErrors), 3/*maxRetries*/);
+    }
 
     m_client = Aws::MakeUnique<Aws::Internal::STSCredentialsClient>(STS_ASSUME_ROLE_WEB_IDENTITY_LOG_TAG, config);
     m_initialized = true;