diff --git a/changelogs/fragments/1428-aws-ssm-missing-credentials.yml b/changelogs/fragments/1428-aws-ssm-missing-credentials.yml
new file mode 100644
index 00000000000..49092b9ae18
--- /dev/null
+++ b/changelogs/fragments/1428-aws-ssm-missing-credentials.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - aws_ssm - fixes S3 bucket region detection by ensuring boto client has correct credentials and exists in correct partition (https://github.com/ansible-collections/community.aws/pull/1428).
diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py
index 79bea085ad6..3734d64c938 100644
--- a/plugins/connection/aws_ssm.py
+++ b/plugins/connection/aws_ssm.py
@@ -534,12 +534,14 @@ def _flush_stderr(self, subprocess):
     def _get_url(self, client_method, bucket_name, out_path, http_method, profile_name, extra_args=None):
         ''' Generate URL for get_object / put_object '''
 
-        bucket_location = boto3.client('s3').get_bucket_location(
+        region_name = self.get_option('region') or 'us-east-1'
+
+        bucket_location = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name).get_bucket_location(
             Bucket=(self.get_option('bucket_name')),
         )
-        region_name = bucket_location['LocationConstraint']
+        bucket_region_name = bucket_location['LocationConstraint']
 
-        client = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name)
+        client = self._get_boto_client('s3', region_name=bucket_region_name, profile_name=profile_name)
         params = {'Bucket': bucket_name, 'Key': out_path}
         if extra_args is not None:
             params.update(extra_args)