Select the region(s) where you want to operate and block the rest

Select the region(s) you want to use and disable all other regions across multiple accounts with AWS Organizations Service Control Policies. If you have deployed AWS Control Tower, select the regions to use and block the rest in the Landing Zone configuration.
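
An added example, not taken from the original page: a Service Control Policy that denies requests to any region outside an approved list, using the `aws:RequestedRegion` condition key. The two approved regions and the short `NotAction` list of global services are assumptions for illustration; adjust both to the regions and services your organization actually uses.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "support:*",
        "cloudfront:*",
        "route53:*",
        "budgets:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "eu-west-1",
            "eu-central-1"
          ]
        }
      }
    }
  ]
}
```

Global services such as IAM are served from a single region, so they are exempted through `NotAction`; without that exemption the deny would block them as well. SCPs do not apply to the organization's management account, so review that account separately.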

Documentation site with policy examples

AWS Global Infrastructure Regions

More information about Service Control Policies is available in a related recommendation here.

Risk Mitigation

  • Reduces the cost impact if adversaries run cryptomining workloads or launch resources to join a botnet.

Guidance for assessments

  • Has the organization defined the regions in which it operates?
  • Are there workloads in regions prohibited by your policy?
  • Have you blocked the prohibited regions?

Pricing

The AWS Organizations service and Service Control Policies are free.

AWS Control Tower has no additional fee; however, you pay for the services that AWS Control Tower enables, such as AWS Config and AWS Service Catalog.

More details here: https://aws.amazon.com/controltower/pricing