I want to restrict users to only one region.
I know that using IAM policy and group can be done, but it something that can be forgotten when create new users or role.
