Description
Describe the feature
It would be great if in a profile's configuration rather than just default region to only allow certain regions to be used. In a large org with many accounts and regions, it's very common to make a mistake to use a profile / account against a region it's not operating in. Our model is essentially one region / datacenter per account. It would be a great additional client side safety measure so that you can configure your profile to fail fast. Yes you can configure this on IAM role side or SCP, but this would be a great quick safety measure.
Use Case
see above
Proposed Solution
Allow in profile settings have a config field allowed_regions or something similar with a comma delimited list of regions that can be used for this profile. Fail if default region is not in this settings list.
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
CLI version used
2.27.42
Environment details (OS name and version, etc.)
MacOS