4

Why are some AWS Regions disabled by default?

What is the main reason behind it?

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Haider Ali
  • 63
  • 1
  • 4
  • E.g. to give admins more control over what the users do in their accounts. They may need to do some legal or compliance stuff before a region may be enabled for a company account. – luk2302 Jan 20 '22 at 10:34
  • 1
    Did you not read my comment? Those are new regions and maybe admins need to do stuff before you are allowed to use them. Just ask your admins to enable them or enable them yourself if you are able to. Asking for the "why" will not really tell you anything. – luk2302 Jan 20 '22 at 10:44
  • They are opt in regions. Check the service available before as not all the services are available in these new regions. – Riz Jan 20 '22 at 10:48
  • admin gave me the access too.. thats not a problem for me .. but just need know know why some of aws regions are disabled by default .. i mean there are alot of regions inside aws but not all regions are disabled by default.. maybe its a new regions thats why its disabled by default what do you think about that ? – Haider Ali Jan 20 '22 at 10:52
  • https://docs.aws.amazon.com/general/latest/gr/rande-manage.html "Regions introduced before March 20, 2019 are enabled by default." – luk2302 Jan 20 '22 at 10:53
  • is there any difference between previous and newly introduced regions such as middle east behrain ? – Haider Ali Jan 20 '22 at 10:58
  • Not per-se, no. Some services are not available in some regions, that may correlate with their introduction date but it is not the actual reason. – luk2302 Jan 20 '22 at 11:02
  • @riz what does opt means can you please explain a little ? – Haider Ali Jan 20 '22 at 11:06
  • Opt in means "choose to participate in something". It's like if you want to subscribe to it or not. The reason might be 'lack of services' and/or "to allow account Admins to specify which regions resources can be created in. (This helps account owners enforce legislative requirements)" according to https://www.reddit.com/r/aws/comments/ivqpg9/comment/g5t05qp/?utm_source=share&utm_medium=web2x&context=3 – Riz Jan 20 '22 at 11:15
  • latency issue may be... – Aishwarya Joshi Jan 20 '22 at 12:45

1 Answers1

2

It's because of History.

Prior to 2019, new regions simply 'appeared' on AWS Accounts as fully Enabled, so users could create resources in new regions immediately.

However, using more regions is not necessarily a good thing. Some companies prefer to have all their resources in one region or a few specific regions. It can be quite complex to write IAM permissions that limit user rights to specific regions, and it is made even more complex when new regions are added.

Therefore, in March 2019 AWS made a change such that 'new' regions will be disabled by default.

From Setting permissions to enable accounts for upcoming AWS Regions | AWS Security Blog:

AWS is changing the default behavior for all new Regions going forward. For new AWS Regions, you will opt-in to enable your account to operate in those Regions. This makes it easier for you to select the regions where you can create and manage AWS resources.

Additional permissions were defined to allow Admins to enable/disable specific regions.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
  • Hi John-- Thanks for the info and for linking to the AWS security blog article. Very helpful. Quick follow-up question: To your knowledge, are there any additional costs or fees that are incurred to use these `"opt-in regions"`? And after being enabled, are `opt-in` regions billed any differently than `non-opt-in` regions? TIA! – Robert Lin Jan 09 '23 at 16:19
  • 1
    @RobertLin Merely activating an opt-in region would not incur any charges. All AWS services are charged based on usage. The actual costs might vary by region (see pricing pages), such as Data Transfer costs or per-hour costs. – John Rotenstein Jan 09 '23 at 22:04