Reputation: 16873
How to deactivate region in AWS through the CLI
I am trying to deactivate an accounts regions via the CLI is it possible to do through the CLI?
I can do it via the AWS console IAM -> Account Settings -> Region -> Deactivate
Upvotes: 1
Views: 1545
Answers (1)
Reputation: 269500
According to AWS: Allows Enabling and Disabling AWS Regions - AWS Identity and Access Management, the IAM permissions related to enabling accounts is prefixed by account::
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnableDisableHongKong",
"Effect": "Allow",
"Action": [
"account:EnableRegion",
"account:DisableRegion"
],
"Resource": "",
"Condition": {
"StringEquals": {"account:TargetRegion": "ap-east-1"}
}
},
{
"Sid": "ViewConsole",
"Effect": "Allow",
"Action": [
"aws-portal:ViewAccount",
"account:ListRegions"
],
"Resource": ""
}
]
}
I could not find any AWS CLI commands for the account category. (Nor did I see any in boto3.)
I did manage to find a reference of the actions at: Actions, Resources, and Condition Keys for AWS Accounts - AWS Identity and Access Management. So, it might just be a matter of time until it appears in the various SDKs and the AWS CLI.
This answer was written in June 2019, so things might have changed later.
Upvotes: 1
Related Questions
- How to set --region with aws cli commands?
- Enable new AWS region programmatically
- Why some AWS Regions are disabled by default?
- AWS - Possible to disable regions in interface?
- Is it possible to change the EC2 instance region?
- Cannot Restrict AWS Regions in my Account
- aws cli not honouring default region configuration
- How to enable one region to another in AWS
- AWS Disable Region through API (Boto3 or Terraform)
- AWS CLI executing in wrong regions