Organizations using SCPs to Restrict Regions

[andrewkrug]

CloudMapper uses ec2.describe_regions() to pull back which regions to iterate over. Is there a better way to get this in an org that restricts regions using SCPs? Currently this causes a lot of access denied errors as cloudmapper tries to run describe calls in regions that aren't enabled.

[0xdabbad00]

I wanted to avoid hard-coding a list as AWS adds more regions, but it could make sense to fall back to a hard-coded list where this call is restricted. There has been this PR to filter on the regions you collect from for this PR #496 and issue #549

[dr460neye]

Thanks for showing up a ticket about this exists already.
Please be aware, that thee "hardcoded" region does not only appear in the ec2.describe_regions part.
It appears way more often in the meaning of "hardcoded".
Maybe a effortless workaround could be, that there is on top of the "default" region also an "api" region.
This is available for all services except the "universal/global" ones. This could get rid of the situtation that my "hosting" region is depending somehow on the api region.

[0xdabbad00]

This issue has been resolved via #698 where you can now define which regions to collect from.