diff --git a/builtin/credential/aws-ec2/path_role.go b/builtin/credential/aws-ec2/path_role.go
index 2c25c91eb63e..fc70d2bf7dfb 100644
--- a/builtin/credential/aws-ec2/path_role.go
+++ b/builtin/credential/aws-ec2/path_role.go
@@ -350,12 +350,14 @@ func (b *backend) pathRoleCreateUpdate(

 // Ensure that at least one bound is set on the role
 switch {
- case roleEntry.BoundAccountID != "":
 case roleEntry.BoundAmiID != "":
- case roleEntry.BoundIamInstanceProfileARN != "":
+ case roleEntry.BoundAccountID != "":
+ case roleEntry.BoundRegion != "":
+ case roleEntry.BoundVpcID != "":
+ case roleEntry.BoundSubnetID != "":
 case roleEntry.BoundIamRoleARN != "":
+ case roleEntry.BoundIamInstanceProfileARN != "":
 default:
-
 return logical.ErrorResponse("at least be one bound parameter should be specified on the role"), nil
 }

diff --git a/builtin/credential/aws-ec2/path_role_test.go b/builtin/credential/aws-ec2/path_role_test.go
index 243f80d308ca..1ef87c28449c 100644
--- a/builtin/credential/aws-ec2/path_role_test.go
+++ b/builtin/credential/aws-ec2/path_role_test.go
@@ -9,6 +9,8 @@ import (
 )

 func TestAwsEc2_RoleCrud(t *testing.T) {
+ var err error
+ var resp *logical.Response
 config := logical.TestBackendConfig()
 storage := &logical.InmemStorage{}
 config.StorageView = storage
@@ -22,6 +24,23 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
 t.Fatal(err)
 }

+ role1Data := map[string]interface{}{
+ "bound_vpc_id": "testvpcid",
+ "allow_instance_migration": true,
+ "policies": "testpolicy1,testpolicy2",
+ }
+ roleReq := &logical.Request{
+ Operation: logical.UpdateOperation,
+ Storage: storage,
+ Path: "role/role1",
+ Data: role1Data,
+ }
+
+ resp, err = b.HandleRequest(roleReq)
+ if err != nil || (resp != nil && resp.IsError()) {
+ t.Fatalf("resp: %#v, err: %v", resp, err)
+ }
+
 roleData := map[string]interface{}{
 "bound_ami_id": "testamiid",
 "bound_account_id": "testaccountid",
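Review bot: In the bound check of pathRoleCreateUpdate in path_role.go, `case roleEntry.BoundRegion != "":` lets a role be saved with a region as its only bound, and unlike an account, VPC or subnet ID a region does not identify whose instance is logging in. If the login path enforces only the bounds set on the role (that code is not visible in this hunk), such a role would accept a validly signed identity document from any instance running in that region. Consider dropping that case so `bound_region` can only narrow another bound, or at least state the limitation above the switch: `// bound_region alone is not account-specific; combine it with another bound`. The message in the default branch also reads "at least be one bound parameter"; `"at least one bound parameter should be specified on the role"` is the intended wording. The function body starts and ends outside the hunk.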
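Review bot: The new role1 request in TestAwsEc2_RoleCrud covers only `bound_vpc_id` as a sole bound; nothing exercises `bound_region` or `bound_subnet_id` on their own, and nothing checks that a role with no bound at all is still rejected. Because the handler returns `logical.ErrorResponse(...)` together with a nil error in that case, the negative check has to look at `resp.IsError()` rather than at `err`. A sketch of the missing rejection case follows; it would sit right after the role1 success check, and the later reassignment of `roleReq.Path` and `roleReq.Data` keeps the rest of the test unaffected. The test function continues outside the hunk.

```go
// … unchanged: role1 create request and its success check …

// A role that sets no bound parameter must be rejected.
roleReq.Path = "role/nobound" // constructed sample role name
roleReq.Data = map[string]interface{}{
	"policies": "testpolicy1",
}
resp, err = b.HandleRequest(roleReq)
if err != nil {
	t.Fatal(err)
}
if resp == nil || !resp.IsError() {
	t.Fatalf("expected an error response for a role without bounds, got: %#v", resp)
}
```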
@@ -40,14 +59,9 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
 "period": "1m",
 }

- roleReq := &logical.Request{
- Operation: logical.UpdateOperation,
- Storage: storage,
- Path: "role/testrole",
- Data: roleData,
- }
-
- resp, err := b.HandleRequest(roleReq)
+ roleReq.Path = "role/testrole"
+ roleReq.Data = roleData
+ resp, err = b.HandleRequest(roleReq)
 if err != nil || (resp != nil && resp.IsError()) {
 t.Fatalf("resp: %#v, err: %v", resp, err)
 }