We can enable/disable regions at the account level by logging in as the AWS account administrator and going to My Account -> AWS Regions. Only "opt-in" regions can be enabled or disabled, e.g. "Asia Pacific (Hong Kong)". All other regions are "Enabled by default" on an AWS account and cannot be disabled. The challenge is that this operation doesn't have an API to manage this setting, and therefore no Terraform either. We have written a script (it uses Selenium), but it has to be executed manually by an operator from Windows, authenticating using ADFS.
We are looking to automate the entire account provisioning workflow, but are missing #2:
- Using AWS Organizations create new child account (done - API available)
- Enable e.g. Hong Kong region programmatically (from linux cmd / lambda) - Missing https://docs.aws.amazon.com/general/latest/gr/rande-manage.html
- Enable Global STS (done - API available) https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
thanks, D
Now it is possible to programmatically enable a non default region, e.g. Zurich (eu-central-2). See the Manage account regions documentation.
Via boto3 it is possible as well with the enable_region method. Keep in mind that it might take several hours until it's usable.
To check if the enabling succeeded, use the get_region_opt_status method.
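
The opt-in step of the provisioning workflow, sketched with the two boto3 `account` client methods named above. This is an added example, not code from the original posts; the function name `ensure_region_enabled`, the timeout values and the use of `ap-east-1` for Hong Kong are assumptions made here.

```python
import time

# RegionOptStatus values that mean the region can be used.
READY = {"ENABLED", "ENABLED_BY_DEFAULT"}


def ensure_region_enabled(account, region, account_id=None,
                          timeout_s=4 * 3600, poll_s=60, sleep=time.sleep):
    """Opt in to `region`, then poll until it is usable; return the final status.

    `account` is a boto3 "account" client (or any object with the same two
    methods). Pass `account_id` to act on an Organizations member account
    from the management or delegated admin account; omit it to act on the
    caller's own account.
    """
    target = {"RegionName": region}
    if account_id:
        target["AccountId"] = account_id

    waited, requested = 0, False
    while True:
        status = account.get_region_opt_status(**target)["RegionOptStatus"]
        if status in READY:
            return status  # idempotent: already enabled means no API write
        if status == "DISABLED" and not requested:
            # Request the opt-in once. ENABLING and DISABLING are transient
            # states, so for those we only wait and re-check.
            account.enable_region(**target)
            requested = True
        if waited >= timeout_s:
            raise TimeoutError(f"{region} still {status} after {waited}s")
        sleep(poll_s)
        waited += poll_s


if __name__ == "__main__":
    # Needs credentials allowed to call account:EnableRegion and
    # account:GetRegionOptStatus, and nothing broader.
    import boto3
    print(ensure_region_enabled(boto3.client("account"), "ap-east-1"))
```

Run from Linux or a Lambda function, this replaces the Selenium step; for Lambda, the polling is better split across invocations because enabling can outlast the function timeout.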