diff --git a/lib/puppet/provider/ec2_securitygroup/v2.rb b/lib/puppet/provider/ec2_securitygroup/v2.rb
index 414167e5..a6c57968 100644
--- a/lib/puppet/provider/ec2_securitygroup/v2.rb
+++ b/lib/puppet/provider/ec2_securitygroup/v2.rb
@@ -23,7 +23,7 @@ def self.instances
   def self.prefetch(resources)
     instances.each do |prov|
       if resource = resources[prov.name] # rubocop:disable Lint/AssignmentInCondition
-        resource.provider = prov if resource[:region] == prov.region
+        resource.provider = prov if (resource[:region] || ENV['AWS_REGION']) == prov.region
       end
     end
   end
@@ -83,14 +83,13 @@ def self.security_group_to_hash(region, group)
   end
 
   def exists?
-    dest_region = resource[:region] if resource
-    Puppet.info("Checking if security group #{name} exists in region #{dest_region || region}")
+    Puppet.info("Checking if security group #{name} exists in region #{target_region}")
     @property_hash[:ensure] == :present
   end
 
   def create
-    Puppet.info("Creating security group #{name} in region #{resource[:region]}")
-    ec2 = ec2_client(resource[:region])
+    Puppet.info("Creating security group #{name} in region #{target_region}")
+    ec2 = ec2_client(target_region)
     config = {
       group_name: name,
       description: resource[:description]
@@ -121,13 +120,12 @@ def create
   end
 
   def authorize_ingress(new_rules, existing_rules=[])
-    ec2 = ec2_client(resource[:region])
+    ec2 = ec2_client(target_region)
     new_rules = [new_rules] unless new_rules.is_a?(Array)
 
     to_create = new_rules - existing_rules
     to_delete = existing_rules - new_rules
 
-
     to_create.reject(&:nil?).each do |rule|
       if rule.key? 'security_group'
         source_group_name = rule['security_group']
@@ -201,8 +199,8 @@ def ingress=(value)
   end
 
   def destroy
-    Puppet.info("Deleting security group #{name} in region #{resource[:region]}")
-    ec2_client(resource[:region]).delete_security_group(
+    Puppet.info("Deleting security group #{name} in region #{target_region}")
+    ec2_client(target_region).delete_security_group(
       group_id: @property_hash[:id]
     )
     @property_hash[:ensure] = :absent
diff --git a/lib/puppet_x/puppetlabs/aws.rb b/lib/puppet_x/puppetlabs/aws.rb
index 56d4be00..93823295 100644
--- a/lib/puppet_x/puppetlabs/aws.rb
+++ b/lib/puppet_x/puppetlabs/aws.rb
@@ -98,6 +98,12 @@ def self.tags_for(item)
         tags
       end
 
+      def target_region
+        target = resource ? resource[:region] || region : region
+        target = nil if target == :absent
+        target || ENV['AWS_REGION']
+      end
+
       def tags=(value)
         Puppet.info("Updating tags for #{name} in region #{region}")
         ec2 = ec2_client(resource[:region])