amazon-web-servicesaws-regions

How to disable an AWS region?


I don't want letting people to use AWS services in region they should not use. Can I disable regions entirely for an Organization?

I see here "You cannot disable a Region that is enabled by default." here: https://docs.aws.amazon.com/general/latest/gr/rande-manage.html

is there another way?


Solution

  • You can't disable the region per se, but you can prevent users from performing actions in whatever required region by using a SCP that denies all actions when the context key aws:RequestedRegion matches said region.

    For more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html