diff --git a/aws/github-runner/README.md b/aws/github-runner/README.md
index 4fb529c6..f2cc6d76 100644
--- a/aws/github-runner/README.md
+++ b/aws/github-runner/README.md
@@ -24,6 +24,7 @@ No modules.
 | [aws_iam_role_policy_attachment.attach_github_secrets_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_kms_key.default_secrets_manager_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 ## Inputs
diff --git a/aws/github-runner/iam.tf b/aws/github-runner/iam.tf
index 7de06d7c..ab31e7c4 100644
--- a/aws/github-runner/iam.tf
+++ b/aws/github-runner/iam.tf
@@ -31,7 +31,7 @@ resource "aws_iam_policy" "github_secrets_policy" {
 "Action": [
 "secretsmanager:GetSecretValue"
 ],
- "Resource": "arn:aws:secretsmanager:${data.aws_caller_identity.current.account_id}:secret:${var.secrets_suffix}"
+ "Resource": "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${var.secrets_suffix}"
 },
 {
 "Effect": "Allow",
diff --git a/aws/github-runner/locals.tf b/aws/github-runner/locals.tf
index c173a594..9db9975a 100644
--- a/aws/github-runner/locals.tf
+++ b/aws/github-runner/locals.tf
@@ -1,4 +1,5 @@
 data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
 # Fetch the default KMS key for Secrets Manager
 data "aws_kms_key" "default_secrets_manager_key" {
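Review bot: In aws/github-runner/iam.tf the corrected `Resource` ARN still ends in `secret:${var.secrets_suffix}`, and nothing in the hunk constrains that variable, so the set of secrets the runner role can read with `secretsmanager:GetSecretValue` depends entirely on the value the caller passes. Secrets Manager appends a random six-character suffix to each secret's ARN, so the value has to carry a trailing wildcard (or the full generated suffix) to match at all, and a value of just `*` would let any workflow on the runner read every secret in the account and region. A `validation` block on `secrets_suffix` that rejects a bare `*`, plus a description giving the expected shape (constructed example: `github-runner/*`), would keep the grant narrow. The partition is also hard-coded as `aws`; `arn:${data.aws_partition.current.partition}:secretsmanager:...` with a matching `data "aws_partition" "current" {}` would keep the policy valid outside the commercial partition. The `aws_iam_policy` block starts and ends outside this hunk and the variable declaration is not shown, so an existing validation may already cover the first point.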