diff --git a/template/interpolate/aws/secretsmanager/secretsmanager.go b/template/interpolate/aws/secretsmanager/secretsmanager.go
index 9cdcd4ed3..67ec3b90b 100644
--- a/template/interpolate/aws/secretsmanager/secretsmanager.go
+++ b/template/interpolate/aws/secretsmanager/secretsmanager.go
@@ -5,6 +5,7 @@ package secretsmanager
 import (
 "encoding/json"
 "errors"
+ "fmt"
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/session"
@@ -31,14 +32,15 @@ func New(config *AWSConfig) *Client {
 func (c *Client) newSession(config *AWSConfig) *session.Session {
 // Initialize config with error verbosity
- sess := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
+ sessConfig := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
 if config.Region != "" {
- sess = sess.WithRegion(config.Region)
+ sessConfig = sessConfig.WithRegion(config.Region)
 }
 opts := session.Options{
- Config: *sess,
+ SharedConfigState: session.SharedConfigEnable,
+ Config: *sessConfig,
 }
 return session.Must(session.NewSessionWithOptions(opts))
@@ -102,5 +104,5 @@ func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
 return v, nil
 }
- return "", errors.New("No secret found")
+ return "", fmt.Errorf("No secret found for key %q", spec.Key)
 }
diff --git a/template/interpolate/funcs.go b/template/interpolate/funcs.go
index 6f2c8fce1..8fd68a821 100644
--- a/template/interpolate/funcs.go
+++ b/template/interpolate/funcs.go
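Review bot: In newSession, adding `SharedConfigState: session.SharedConfigEnable` makes session creation also read the shared config file (`~/.aws/config`) and the profile selected through `AWS_PROFILE`, so a missing profile or a malformed file makes `session.NewSessionWithOptions` return an error, which `session.Must` on the last line of the hunk turns into a panic during template interpolation. Returning the error instead, by changing newSession to return `(*session.Session, error)`, would keep this an ordinary build failure, though it requires touching callers outside this hunk. The new field also changes which identity can end up fetching secrets, because profile and role settings from the config file are now honoured, so it deserves a comment such as `// Also load ~/.aws/config (region, profile, role settings), not only the credentials file.` The closing brace of newSession lies outside the hunk.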
@@ -299,12 +299,12 @@ func funcGenAwsSecrets(ctx *Context) interface{} {
 if !ctx.EnableEnv {
 // The error message doesn't have to be that detailed since
 // semantic checks should catch this.
- return "", errors.New("AWS Secrets Manager vars are only allowed in the variables section")
+ return "", errors.New("AWS Secrets Manager is only allowed in the variables section")
 }
 // Check if at least 1 parameter has been used
 if len(secret) == 0 {
- return "", errors.New("At least one parameter must be used")
+ return "", errors.New("At least one secret name must be provided")
 }
 // client uses AWS SDK CredentialChain method. So,credentials can
 // be loaded from credential file, environment variables, or IAM
@@ -329,7 +329,7 @@ func funcGenAwsSecrets(ctx *Context) interface{} {
 s, err := client.GetSecret(spec)
 if err != nil {
- return "", fmt.Errorf("Error getting secret: %s", err)
+ return "", err
 }
 return s, nil
 }
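Review bot: In the second hunk, `return "", err` passes the error from `client.GetSecret(spec)` to the template engine with nothing indicating that it came from the AWS Secrets Manager function, so when a template references several secrets the message may not say which lookup failed. Wrapping keeps the cause and restores that context: `return "", fmt.Errorf("getting AWS secret: %w", err)`, assuming `fmt` is still imported in this file and the module's Go version supports `%w` (use `%s` otherwise). Since the session is configured with `WithCredentialsChainVerboseErrors(true)`, these messages now reach build output unmodified, so it is worth confirming that they never carry secret material. funcGenAwsSecrets begins above this hunk.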