You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An error occurred (AccessDeniedException) when calling the DisableRegion operation: User: USERARN is not authorized to perform: account:DisableRegion (Your organization must first enable trusted access with AWS Account Management.)
Document how to disable specific regions in specific accounts/ous.
Attempt 1
aws account disable-region --region-name=us-east-1 --account-id ACCOUNTID
Attempt 2
Enable AWS Account Management
https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-trusted-access.html
New Error
aws account disable-region --region-name=us-east-1 --account-id ACCOUNTID
An error occurred (ValidationException) when calling the DisableRegion operation: us-east-1 is not a valid region for opt-in or opt-out.
Attempt 3: LZ Region Deny Policy
Region deny policy control for landing zone - CTMULTISERVICEPV1
https://docs.aws.amazon.com/controltower/latest/userguide/region-deny.html
Attempt 4
Using an SCP worked in the end
The text was updated successfully, but these errors were encountered: