make isOptInRegion dynamic via SDK call

Question

make isOptInRegion dynamic via SDK call

Opened this issue 8 months ago · 2 comments

Is your feature request related to a problem? Please describe.
I'm always frustrated when we need to manually add new AWS opt-in regions to a static list when a new regions launches

Describe the solution you'd like
Rather than have a static list of opt-in regions, we should replace the check with a call to the Describe Regions API to determine the opt in status of the region.
By passing the region name as a filter we can look at the opt in status of the Region object that is contained in the response and determine the answer dynamically. This means both less work to maintain the list, and a better experience for consumers of the SDK, as they won't have to wait for a new SDK version to get the latest list of regions.
See here for
API Reference
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html

and Go SDK reference:
https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#EC2.DescribeRegions

Describe alternatives you've considered
Alternatively, instead of defaulting to assuming a region is not opt in, we invert the list and keep track of the regions that are not opt in. Since all new AWS regions are opt in regions (as per here - https://docs.aws.amazon.com/controltower/latest/userguide/opt-in-region-considerations.html )

"The term opt-in has a historical basis. Any AWS Regions introduced after March 20, 2019 are considered to be opt-in Regions. "

this should ensure that when new regions are launched, the correct default is used.

Additional context
Example PR: #111

Answer 1 · 2024-01-06T00:43:38.000Z

I'd be happy to write the PR for the above, just wanted to get input on if a - this is a desired change and b - which of the two solutions is preferred

Answer 2 · 2024-01-25T17:58:39.000Z

IIRC we've done similar things in the past (see xray plugin) but then had customers frustrated to have to add permissions for EC2 for regions fetching.

I think I briefly looked into this a while back and I remember there being another way to fetch regions that doesn't rely on ec2 permisisons? I think there might be endpoints.RegionsForService which might be a better fit?

I agree thought some kind of automated list that is:

from and maintained by amazon
that ideally doesn't require credentials (or at least requires very limited credentials)

would be excellent, though I'm not sure we'll have the bandwidth for this project right now. Feel free to make a pr and show us what you're thinking. I'll put this in our backlog for now as something to investigated in the future.