diff --git a/heat/api/aws/ec2token.py b/heat/api/aws/ec2token.py
index ca04e9bd14..bb7837f9e3 100644
--- a/heat/api/aws/ec2token.py
+++ b/heat/api/aws/ec2token.py
@@ -72,6 +72,8 @@ class EC2Token(wsgi.Middleware):
 
     @staticmethod
     def _conf_get_keystone_ec2_uri(auth_uri):
+        if auth_uri.endswith('ec2tokens'):
+            return auth_uri
         if auth_uri.endswith('/'):
             return '%sec2tokens' % auth_uri
         return '%s/ec2tokens' % auth_uri
diff --git a/heat/tests/test_api_ec2token.py b/heat/tests/test_api_ec2token.py
index 2b8d0d7181..d3bad982cc 100644
--- a/heat/tests/test_api_ec2token.py
+++ b/heat/tests/test_api_ec2token.py
@@ -469,6 +469,28 @@ class Ec2TokenTest(HeatTestCase):
 
         self.m.VerifyAll()
 
+    def test_call_ok_auth_uri_ec2authtoken_long(self):
+        # Prove we tolerate a url which already includes the /ec2tokens path
+        dummy_url = 'http://123:5000/v2.0/ec2tokens'
+        cfg.CONF.set_default('auth_uri', dummy_url, group='ec2authtoken')
+
+        ec2 = ec2token.EC2Token(app='woot', conf={})
+        params = {'AWSAccessKeyId': 'foo', 'Signature': 'xyz'}
+        req_env = {'SERVER_NAME': 'heat',
+                   'SERVER_PORT': '8000',
+                   'PATH_INFO': '/v1'}
+        dummy_req = self._dummy_GET_request(params, req_env)
+
+        ok_resp = json.dumps({'access': {'metadata': {}, 'token': {
+            'id': 123,
+            'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}})
+        self._stub_http_connection(response=ok_resp,
+                                   params={'AWSAccessKeyId': 'foo'})
+        self.m.ReplayAll()
+        self.assertEqual('woot', ec2.__call__(dummy_req))
+
+        self.m.VerifyAll()
+
     def test_call_ok_auth_uri_ks_authtoken(self):
         # Import auth_token to have keystone_authtoken settings setup.
         importutils.import_module('keystoneclient.middleware.auth_token')