diff --git a/.changes/next-release/bugfix-ContainerProvider-22191.json b/.changes/next-release/bugfix-ContainerProvider-22191.json
new file mode 100644
index 0000000000..76d1b4feed
--- /dev/null
+++ b/.changes/next-release/bugfix-ContainerProvider-22191.json
@@ -0,0 +1,5 @@
+{
+  "type": "bugfix",
+  "category": "ContainerProvider",
+  "description": "Properly refreshes token from file from EKS in ContainerProvider"
+}
diff --git a/botocore/credentials.py b/botocore/credentials.py
index 42707b0124..e48f0dec7c 100644
--- a/botocore/credentials.py
+++ b/botocore/credentials.py
@@ -1930,8 +1930,7 @@ def _retrieve_or_fail(self):
             full_uri = self._fetcher.full_url(self._environ[self.ENV_VAR])
         else:
             full_uri = self._environ[self.ENV_VAR_FULL]
-        headers = self._build_headers()
-        fetcher = self._create_fetcher(full_uri, headers)
+        fetcher = self._create_fetcher(full_uri)
         creds = fetcher()
         return RefreshableCredentials(
             access_key=creds['access_key'],
@@ -1958,9 +1957,10 @@ def _validate_auth_token(self, auth_token):
         if "\r" in auth_token or "\n" in auth_token:
             raise ValueError("Auth token value is not a legal header value")
 
-    def _create_fetcher(self, full_uri, headers):
+    def _create_fetcher(self, full_uri, *args, **kwargs):
         def fetch_creds():
             try:
+                headers = self._build_headers()
                 response = self._fetcher.retrieve_full_uri(
                     full_uri, headers=headers
                 )