diff --git a/plugins/proxy-sigv4-backend/README.md b/plugins/proxy-sigv4-backend/README.md
index 680e61b..e2c8659 100644
--- a/plugins/proxy-sigv4-backend/README.md
+++ b/plugins/proxy-sigv4-backend/README.md
@@ -112,9 +112,13 @@ proxysigv4:
 ### Expanded form
-The expanded form is necessary when an `AssumeRole` call _is_ required, _or_ if the target API service and region cannot
-be automatically derived from the URL (commonplace when a custom domain name has been configured for an API Gateway
-endpoint).
+The expanded form is necessary when:
+
+- `AssumeRole` call _is_ required, _or_ if the target API service and region cannot
+ be automatically derived from the URL (commonplace when a custom domain name has been configured for an API Gateway
+ endpoint).
+- The service if not possible to determine it automatically.
+- The region if not possible to determine it automatically.
 ```yaml
 proxysigv4:
@@ -122,6 +126,8 @@ proxysigv4:
 target: 'https://.execute-api..amazonaws.com'
 roleArn: 'arn:aws:iam:::role/'
 roleSessionName: tempAssumeRoleSession ## optional
+ service: '' ## optional
+ region: '' ## optional
 ```
 ### New Auth Services - Unauthorized Requests
diff --git a/plugins/proxy-sigv4-backend/src/service/router.ts b/plugins/proxy-sigv4-backend/src/service/router.ts
index 1acae73..3d15f65 100644
--- a/plugins/proxy-sigv4-backend/src/service/router.ts
+++ b/plugins/proxy-sigv4-backend/src/service/router.ts
@@ -45,7 +45,8 @@ export interface RouteConfig {
 target: string;
 roleArn?: string;
 roleSessionName?: string;
- // TODO: support specifying/overriding `service` and `region` for CNAME'd endpoints
+ service?: string;
+ region?: string;
 // TODO: support specifying additional allowed forward headers
 }
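Review bot: The new `service?` and `region?` fields of `RouteConfig` have no doc comment, and the TODO they replace was the only line explaining what they are for. A one-line TSDoc on each would keep that context, for example `/** SigV4 service name; set only when it cannot be derived from the target host (e.g. a custom domain name). */` and `/** SigV4 region; set only when it cannot be derived from the target host. */`. The wording follows the README change in this commit; adjust it if the override semantics differ.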
@@ -71,6 +72,14 @@ export function normalizeRouteConfig(config: any): RouteConfig {
 throw new TypeError(`Route target must be a string`);
 }
+ if (fullConfig.service && typeof fullConfig.service !== 'string') {
+ throw new TypeError(`Route service must be a string`);
+ }
+
+ if (fullConfig.region && typeof fullConfig.region !== 'string') {
+ throw new TypeError(`Route region must be a string`);
+ }
+
 try {
 // eslint-disable-next-line no-new
 new URL(fullConfig.target! as string);
@@ -122,6 +131,8 @@ export async function buildMiddleware(
 target,
 roleArn,
 roleSessionName = 'backstage-plugin-proxy-sigv4-backend',
+ region,
+ service,
 } = routeConfig;
 const credentialsProvider = roleArn
@@ -187,6 +198,8 @@ export async function buildMiddleware(
 host: targetUrl.host,
 path: req.url, // path + search
 headers: requestHeaders,
+ service: service,
+ region: region,
 };
 // TODO: support other content types with bodies
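Review bot: The two added guards in `normalizeRouteConfig` only type-check truthy values, so a `service` or `region` of `0` or `false` skips the `typeof` test and is kept in the config as if it were valid. Testing for presence instead closes that gap: `if (fullConfig.service !== undefined && typeof fullConfig.service !== 'string')`, and the same for `region`. An empty string also passes; since both values are later written into the request options that get signed, it is worth either rejecting `''` here or stating in a comment that it means "derive automatically". That way a misconfigured route fails when the config is loaded, not on the first proxied request. The function starts and ends outside the hunk.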
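Review bot: In the last `buildMiddleware` hunk, `service` and `region` are now always written into the request options, as `undefined` when the route sets neither. Whether the signer still derives both from `host` in that case is not visible here, so confirm it with a test for a route without overrides. If `undefined` is not treated as absent, add the keys conditionally, e.g. `...(service ? { service } : {}),`. Separately, `service: service,` and `region: region,` can be written in shorthand as `service,` and `region,`. The function starts and ends outside the hunk.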