StackZone allowed regions preventive GuardRails

Denies access to any operations outside of the specified Amazon Web Services Region, except for actions in the listed services (These are global services that cannot be whitelisted based on region). You can select what Organizational Units are included in this GuardRail.