diff --git a/lib/puppet/provider/ec2_securitygroup/v2.rb b/lib/puppet/provider/ec2_securitygroup/v2.rb
index 4e7eac34..9eeb0a6e 100644
--- a/lib/puppet/provider/ec2_securitygroup/v2.rb
+++ b/lib/puppet/provider/ec2_securitygroup/v2.rb
@@ -24,7 +24,7 @@ def self.instances
   def self.prefetch(resources)
     instances.each do |prov|
       if resource = resources[prov.name] # rubocop:disable Lint/AssignmentInCondition
-        resource.provider = prov if resource[:region] == prov.region
+        resource.provider = prov if (resource[:region] || ENV['AWS_REGION']) == prov.region
       end
     end
   end
@@ -96,14 +96,13 @@ def self.security_group_to_hash(region, group)
   end
 
   def exists?
-    dest_region = resource[:region] if resource
-    Puppet.info("Checking if security group #{name} exists in region #{dest_region || region}")
+    Puppet.info("Checking if security group #{name} exists in region #{target_region}")
     @property_hash[:ensure] == :present
   end
 
   def create
-    Puppet.info("Creating security group #{name} in region #{resource[:region]}")
-    ec2 = ec2_client(resource[:region])
+    Puppet.info("Creating security group #{name} in region #{target_region}")
+    ec2 = ec2_client(target_region)
     config = {
       group_name: name,
       description: resource[:description]
@@ -207,8 +206,8 @@ def ingress=(value)
   end
 
   def destroy
-    Puppet.info("Deleting security group #{name} in region #{resource[:region]}")
-    ec2_client(resource[:region]).delete_security_group(
+    Puppet.info("Deleting security group #{name} in region #{target_region}")
+    ec2_client(target_region).delete_security_group(
       group_id: @property_hash[:id]
     )
     @property_hash[:ensure] = :absent
diff --git a/lib/puppet/type/ec2_securitygroup.rb b/lib/puppet/type/ec2_securitygroup.rb
index 5e499410..2a4f1f98 100644
--- a/lib/puppet/type/ec2_securitygroup.rb
+++ b/lib/puppet/type/ec2_securitygroup.rb
@@ -1,4 +1,5 @@
 require_relative '../../puppet_x/puppetlabs/property/tag.rb'
+require_relative '../../puppet_x/puppetlabs/property/region'
 require_relative '../../puppet_x/puppetlabs/aws_ingress_rules_parser'
 
 Puppet::Type.newtype(:ec2_securitygroup) do
@@ -13,11 +14,8 @@
     end
   end
 
-  newproperty(:region) do
+  newproperty(:region, :parent => PuppetX::Property::AwsRegion) do
     desc 'the region in which to launch the security group'
-    validate do |value|
-      fail 'region should not contains spaces' if value =~ /\s/
-    end
   end
 
   newproperty(:ingress, :array_matching => :all) do
diff --git a/lib/puppet_x/puppetlabs/aws.rb b/lib/puppet_x/puppetlabs/aws.rb
index b6e4b48a..4b346977 100644
--- a/lib/puppet_x/puppetlabs/aws.rb
+++ b/lib/puppet_x/puppetlabs/aws.rb
@@ -96,6 +96,12 @@ def self.tags_for(item)
         tags
       end
 
+      def target_region
+        target = resource ? resource[:region] || region : region
+        target = nil if target == :absent
+        target || ENV['AWS_REGION']
+      end
+
       def tags=(value)
         Puppet.info("Updating tags for #{name} in region #{region}")
         ec2 = ec2_client(resource[:region])
diff --git a/lib/puppet_x/puppetlabs/property/region.rb b/lib/puppet_x/puppetlabs/property/region.rb
new file mode 100644
index 00000000..d0a84210
--- /dev/null
+++ b/lib/puppet_x/puppetlabs/property/region.rb
@@ -0,0 +1,13 @@
+module PuppetX
+  module Property
+    class AwsRegion < Puppet::Property
+      validate do |value|
+        name = resource[:name]
+        fail "region for #{name} should not contains spaces" if value =~ /\s/
+        if !ENV['AWS_REGION'].nil? && ENV['AWS_REGION'] != value
+          fail "if using AWS_REGION environment variable it must match the specified region value for #{name}"
+        end
+      end
+    end
+  end
+end